WO2020085141A1 - Information processing system, input device, user authentication method, server device, and biometric authentication device - Google Patents

Information processing system, input device, user authentication method, server device, and biometric authentication device Download PDF

Info

Publication number
WO2020085141A1
WO2020085141A1 PCT/JP2019/040426 JP2019040426W WO2020085141A1 WO 2020085141 A1 WO2020085141 A1 WO 2020085141A1 JP 2019040426 W JP2019040426 W JP 2019040426W WO 2020085141 A1 WO2020085141 A1 WO 2020085141A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
unit
information
information processing
authentication
Prior art date
Application number
PCT/JP2019/040426
Other languages
French (fr)
Japanese (ja)
Inventor
善彦 諏訪
真行 江端
泰勲 安田
好之 今田
宙孝 石川
優 杉田
崇 伊佐
Original Assignee
株式会社ソニー・インタラクティブエンタテインメント
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社ソニー・インタラクティブエンタテインメント filed Critical 株式会社ソニー・インタラクティブエンタテインメント
Priority to JP2020553182A priority Critical patent/JP7220722B2/en
Priority to US17/286,633 priority patent/US20210374219A1/en
Publication of WO2020085141A1 publication Critical patent/WO2020085141A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a technique for authenticating a user.
  • the information processing device When a user logs in to an information processing device such as a game device, the information processing device performs user authentication processing to confirm whether or not the user is a pre-registered user. When a user logs in, the information processing device often adopts user authentication using a passcode.
  • biometric authentication the user does not need to input a passcode, and the user's labor for authentication is small.
  • the fingerprint authentication system is in widespread use because the user only has to hold his / her finger on the fingerprint sensor and the introduction cost is relatively low.
  • the fingerprint authentication system is a simple user authentication technology, if a fingerprint image or its characteristic information is illegally stolen by a third party, it is difficult to prevent impersonation by the third party. Therefore, there is a demand for a technique for ensuring the security of authentication while maintaining the simplicity of user identification at the time of logging in to a game device.
  • an object of the present invention is to provide a technique for enhancing the convenience of identity verification and the safety of biometric authentication.
  • an information processing system includes an input device for inputting a user operation and an information processing device.
  • the input device has a first communication unit that transmits user identification information for identifying the authenticated user based on the biometric information of the user.
  • the information processing device includes a second communication unit that receives user identification information, a holding unit that holds identification information of one or more registered users, received user identification information, and registered user identification information that is held in the holding unit. And an authentication unit that collates with.
  • Another aspect of the present invention is an input device that transmits a user operation signal to an information processing device, and a holding unit that holds authentication data of one or more registered users, and a biometric information reception unit that receives biometric information of the user.
  • An authentication unit that compares the biometric information received by the biometric information reception unit with the authentication data held in the holding unit, and user identification information for identifying the user authenticated by the authentication unit in the information processing device.
  • a communication unit for transmitting.
  • Yet another aspect of the present invention relates to a method of authenticating a user.
  • an input device for inputting a user operation transmits user identification information for identifying the authenticated user based on the biometric information of the user to the information processing device, and The identification information is received, and the received user identification information is collated with the identification information of one or more registered users held in the holding unit.
  • Yet another aspect of the present invention is a server device connected to an information processing device to which a user operation signal is transmitted from an input device, the holding device holding identification information of a plurality of users of a service, and information from the input device.
  • the communication unit for receiving the user identification information transmitted to the processing device and not registered in the information processing device, the received user identification information, and the user identification information held in the holding unit. It has an authentication unit for collation. When the authentication unit confirms that the received user identification information is held in the holding unit, the authentication unit performs user authentication processing with the input device.
  • biometric authentication device that is connected to an input device that transmits a user operation signal to an information processing device, and a holding unit that holds authentication data for one or more registered users, and A biometric information receiving unit that receives biometric information, a biometric information received by the biometric information receiving unit, an authentication unit that collates the authentication data held in the holding unit, and a user that is authenticated by the authentication unit And a providing unit that provides the user identification information to the input device.
  • FIG. 1 shows an information processing system 1 according to an embodiment of the present invention.
  • the information processing system 1 includes an input device 6 for inputting a user operation, an information processing device 10 that receives a user operation and executes an application, and a server device 5 that provides various services including a network service to a user. Equipped with.
  • the access point (hereinafter, referred to as “AP”) 8 has a function of a wireless access point and a router, and the information processing device 10 connects to the AP 8 wirelessly or via a wire to connect with the server device 5 on the network 3. Connect to communicate.
  • AP access point
  • the auxiliary storage device 2 is a large-capacity storage device such as an HDD (hard disk drive) or a flash memory, and may be an external storage device that is connected to the information processing device 10 by a USB (Universal Serial Bus) or the like, or a built-in storage It may be a device.
  • the output device 4 may be a television having a display that outputs an image and a speaker that outputs audio, or may be a computer display.
  • the information processing device 10 is connected to the input device 6 operated by the user wirelessly or by wire, and the input device 6 transmits a user operation signal indicating an operation state of an operation unit such as a button or a lever to the information processing device 10.
  • the information processing device 10 reflects the user operation signal acquired from the input device 6 on the processing of the OS (system software) and the application, and causes the output device 4 to output the processing result.
  • the information processing device 10 may be a game device that executes a game
  • the input device 6 may be a device such as a game controller that supplies a user operation signal to the information processing device 10.
  • the camera 7, which is an imaging device, is provided near the output device 4 and images the space around the output device 4.
  • the camera 7 may be a stereo camera.
  • the server device 5 provides a network service to the user of the information processing system 1.
  • the server device 5 manages a network account (user identification information) that identifies each user, and each user signs in to the network service using the network account. By signing in to the network service from the information processing device 10, the user can register game save data and a trophy, which is a virtual award obtained during the game play, in the server device 5.
  • the server device 5 holds profile information such as a user icon, a nickname (online ID) on the network, and a sign-in password in the user DB in association with the network account.
  • FIG. 2 shows an external configuration of the upper surface of the input device.
  • the user grips the left grip 78b with the left hand and the right grip 78a with the right hand to operate the input device 6.
  • a direction key 71, analog sticks 77a and 77b, and four types of operation buttons 76 are provided on the upper surface of the housing of the input device 6.
  • the ⁇ button 72 is a red circle
  • the ⁇ button 73 is a blue cross
  • the ⁇ button 74 is a square. Is a purple square
  • the triangle button 75 is a green triangle.
  • a function button 80 is provided between the two analog sticks 77a and 77b.
  • the function button 80 is used to turn on the power of the input device 6 and simultaneously activate the communication function for connecting the input device 6 and the information processing device 10.
  • the function button 80 is pressed while the main power of the information processing device 10 is off, the information processing device 10 sends a connection request transmitted from the input device 6 for turning on the main power. The instruction is also accepted, and the main power of the information processing device 10 is turned on.
  • the function button 80 is also used to cause the information processing device 10 to display the home screen.
  • a touch pad 79 is provided in a flat area between the direction key 71 and the operation button 76.
  • the touch pad 79 also functions as a push-down button that sinks downward when the user presses it and returns to the original position when the user releases the hand.
  • a fingerprint sensor 79a that receives user's fingerprint information may be provided in the flat area. When the user logs in to the information processing device 10 or when the identity verification is requested by the network service, the user puts a finger on the fingerprint sensor 79a to perform identity verification by fingerprint authentication.
  • the fingerprint sensor 79a is an example of a biometric information receiving unit that receives biometric information of the user, and another type of sensor may be provided.
  • the SHARE button 81 is provided between the touch pad 79 and the direction key 71.
  • the SHARE button 81 is used to input an instruction from the user to the OS or system software in the information processing device 10.
  • the OPTIONS button 82 is provided between the touch pad 79 and the operation button 76.
  • the OPTIONS button 82 is used to input an instruction from the user to an application (game) executed in the information processing device 10.
  • FIG. 3 shows a hardware configuration of the information processing device 10.
  • the information processing device 10 includes a main power button 20, a power ON LED 21, a standby LED 22, a system controller 24, a clock 26, a device controller 30, a media drive 32, a USB module 34, a flash memory 36, a wireless communication module 38, and wired communication. It has a module 40, a subsystem 50, and a main system 60.
  • the main system 60 includes a main CPU (Central Processing Unit), a memory and a memory controller that are main storage devices, and a GPU (Graphics Processing Unit).
  • the GPU is mainly used for arithmetic processing of game programs. These functions may be configured as a system on chip and formed on one chip.
  • the main CPU has a function of starting the OS and executing the application installed in the auxiliary storage device 2 under the environment provided by the OS.
  • the subsystem 50 includes a sub CPU, a memory that is a main storage device, a memory controller, and the like, and does not include a GPU.
  • the sub CPU operates even while the main CPU is in the standby state, and its processing function is limited in order to keep the power consumption low.
  • the sub CPU and the memory may be formed on separate chips.
  • the main power button 20 is an input unit through which a user inputs an operation, is provided on the front surface of the housing of the information processing device 10, and turns on or off the power supply to the main system 60 of the information processing device 10. Be operated for.
  • the main power supply being in the ON state means that the main system 60 is in the active state
  • the main power supply being in the OFF state means that the main system 60 is in the standby state.
  • the power-on LED 21 lights up when the main power button 20 is turned on, and the standby LED 22 lights up when the main power button 20 is turned off.
  • the system controller 24 detects pressing of the main power button 20 by the user. When the main power button 20 is pressed while the main power is in the off state, the system controller 24 acquires the pressing operation as an "on instruction", while the main power is on when the main power is in the on state. When the button 20 is pressed, the system controller 24 acquires the pressing operation as an “off instruction”.
  • the main CPU has a function of executing the game program installed in the auxiliary storage device 2 or the ROM medium 44, while the sub CPU does not have such a function.
  • the sub CPU has a function of accessing the auxiliary storage device 2 and a function of transmitting / receiving data to / from the server device 5.
  • the sub CPU is configured to have only such a limited processing function, and thus can operate with less power consumption than the main CPU.
  • the functions of these sub CPUs are executed when the main CPU is in the standby state. Since the subsystem 50 is operating when the main system 60 is in the standby state, the information processing apparatus 10 according to the embodiment maintains the state of always being signed in to the network service provided by the server apparatus 5.
  • the clock 26 is a real-time clock that generates current date and time information and supplies it to the system controller 24, the subsystem 50, and the main system 60.
  • the device controller 30 is configured as an LSI (Large-Scale Integrated Circuit) that transfers information between devices like a south bridge. As illustrated, devices such as the system controller 24, the media drive 32, the USB module 34, the flash memory 36, the wireless communication module 38, the wired communication module 40, the subsystem 50, and the main system 60 are connected to the device controller 30. It The device controller 30 absorbs the difference in the electrical characteristics of each device and the difference in the data transfer rate, and controls the timing of data transfer.
  • LSI Large-Scale Integrated Circuit
  • the media drive 32 is a drive device in which a ROM medium 44 recording application software such as a game and license information is mounted and driven, and programs and data are read from the ROM medium 44.
  • the ROM medium 44 is a read-only recording medium such as an optical disc, a magneto-optical disc, or a Blu-ray disc.
  • the USB module 34 is a module that connects to an external device with a USB cable.
  • the USB module 34 may be connected to the auxiliary storage device 2 and the camera 7 with a USB cable.
  • the flash memory 36 is an auxiliary storage device that constitutes an internal storage.
  • the wireless communication module 38 wirelessly communicates with the input device 6 using a communication protocol such as a Bluetooth (registered trademark) protocol or an IEEE 802.11 protocol.
  • the wired communication module 40 performs wired communication with an external device and connects to the network 3 via the AP 8, for example.
  • the information processing apparatus 10 of the embodiment has at least two types of login processing. The outline of the two types of login processing will be described below.
  • ⁇ Login process 1> In the login process 1, the user operates the input device 6 to select his / her icon on the user selection screen and inputs the login passcode, so that the information processing device 10 authenticates the user and logs in the user. Processing. ⁇ Login process 2> In the login processing 2, when the user puts a finger on the fingerprint sensor 79a, the input device 6 authenticates the user by fingerprint collation, and the information processing device 10 side authenticates the user using the user identification information to log the user in. Processing.
  • the information processing device 10 performs user authentication using the login passcode, whereas in the login process 2, user authentication is performed by both the input device 6 and the information processing device 10.
  • the login process 2 is a simple login method for the user because the user only needs to put his / her finger on the fingerprint sensor 79a.
  • FIG. 4 shows functional blocks of the input device 6 and the information processing device 10.
  • the input device 6 includes a fingerprint sensor 79a, a fingerprint authentication unit 84, an authentication data holding unit 85, a key generation unit 86, an operation unit 87, a control unit 88, a registered user information holding unit 89, and a communication unit 90.
  • the operation unit 87 represents an operation member such as the button shown in FIG.
  • the information processing device 10 includes a control unit 100, a communication unit 102, and a registered user information holding unit 120, and the control unit 100 includes a user authentication unit 110, a login processing unit 112, and an application execution unit 114.
  • the communication unit 102 has the functions of the wireless communication module 38 and the wired communication module 40 shown in FIG.
  • the application execution unit 114 executes an application such as a game.
  • each element described as a functional block that performs various processes can be configured by a circuit block, a memory, and other LSI in terms of hardware, and loaded in the memory in terms of software. It is realized by a program. Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by only hardware, only software, or a combination thereof, and the present invention is not limited to them.
  • the information processing apparatus 10 is characterized by supporting a suitable login operation of the user.
  • the user In order to log in to the OS of the information processing device 10, the user needs to acquire a login account and register necessary user information in the information processing device 10 as a prerequisite.
  • a user who has registered a login account in the information processing device 10 is also referred to as a “registered user”.
  • the registered user information holding unit 120 holds various information regarding one or more users registered in the information processing device 10, and specifically, associates with a login account, a login passcode, and a sign-in to the server device 5.
  • Registered user information such as network account (user identification information on the network), sign-in ID (email address), online ID (nickname on the network), user icon (avatar) for expressing the user Holds as.
  • the fingerprint authentication in the login process 2 of the embodiment is executed in the input device 6 and the information processing device 10 is not involved. Therefore, the registered user information holding unit 120 does not hold information about the user's fingerprint.
  • the user's fingerprint image data is not transmitted from the input device 6 to the information processing device 10, and therefore, in the communication path between the input device 6 and the information processing device 10. There is no risk of fingerprint information being intercepted by a third party.
  • the authentication data holding unit 85 holds the authentication data of one or more registered users.
  • the authentication data holding unit 85 may hold the authentication data of a plurality of registered users.
  • the authentication data may be the fingerprint image feature data, but may be the fingerprint image data itself.
  • the authentication data is data to be compared in fingerprint collation by the fingerprint authentication unit 84, and is generated according to the fingerprint recognition algorithm adopted by the fingerprint authentication unit 84.
  • the authentication data may be data obtained by extracting the branch points of fingerprints, the positions of feature points such as end points and center points, and the number of ridges between feature points. What kind of authentication data is required depends on the fingerprint recognition algorithm adopted by the fingerprint authentication unit 84.
  • the control unit 88 performs the registration process of the authentication data under the state where the user who registers the fingerprint is specified.
  • the user A who is the registered user of the information processing apparatus 10 registers the fingerprint.
  • the fingerprint sensor 79a receives the fingerprint information of the user A.
  • the fingerprint sensor 79a may acquire a fingerprint image as fingerprint information.
  • the fingerprint authentication unit 84 generates authentication data from the fingerprint information received by the fingerprint sensor 79a.
  • the control unit 88 causes the authentication data holding unit 85 to hold the authentication data in association with the finger ID.
  • the finger ID indicates the order of registration of the authentication data. Therefore, the finger ID “1” is assigned to the authentication data registered first, and the finger ID “2” is assigned to the authentication data registered second.
  • the control unit 88 causes the registered user information holding unit 89 to associate the user A's finger ID with the identification information for identifying the user A.
  • Memorize The control unit 88 may acquire the user identification information from the information processing device 10 after registration of the authentication data, but may acquire it before registration.
  • the registered user information holding unit 120 holds various user information that can identify the user A, but the control unit 88 acquires a network account for identifying the user on the network. .
  • the fingerprint authentication can be used not only at the time of login but also at the scene of identity verification in the network service, as described later.
  • the control unit 88 also causes the key generation unit 86 to generate a private key and a public key for use in user authentication accompanying fingerprint authentication.
  • the key generation unit 86 generates a private key (PRI_Key_A) and a public key (PUB_Key_A) of the user A, and the control unit 88 associates the registered user information holding unit 89 with the finger ID of the user A and associates it with the finger ID of the user A.
  • the private key (PRI_Key_A) and the public key (PUB_Key_A) generated for this purpose are stored.
  • the registered user information holding unit 89 holds the network account (NW_ID_A) of the user A, the secret key (PRI_Key_A), and the public key (PUB_Key_A) in association with the finger ID of the user A.
  • the registered user information holding unit 89 holds information of all users who have registered the fingerprint authentication data in the authentication data holding unit 85.
  • FIG. 5 shows an example of contents stored in the registered user information storage unit 89.
  • the finger ID “1” is associated with the user A information
  • the finger ID “2” is associated with the user B information
  • the finger ID “3” is associated with the user C information, respectively.
  • the control unit 88 causes the registered user information holding unit 89 to store the public key in association with the finger ID, and the public key from the communication unit 90 to the user.
  • the server device 5 Along with the network account of A, it is transmitted to the server device 5 via the information processing device 10.
  • the communication unit 90 transmits the public key to the information processing device 10, but the information processing device 10 only relays and does not acquire the public key.
  • the server device 5 Upon receiving the public key and the network account, stores the public key in the user DB in association with the network account of the user A. When the server device 5 registers the public key, the server device 5 transfers the public key to the information processing device 10.
  • the information processing device 10 causes the registered user information holding unit 120 to store the public key in association with the login account of the user A. With the above, the registration process of the authentication data is completed. Although the information processing device 10 acquires and stores the public key from the server device 5 in the embodiment, the information processing device 10 may acquire and store the public key when transmitted from the communication unit 90.
  • the login processing unit 112 selectively performs the login process 1 that does not pass through the biometric authentication by the fingerprint authentication unit 84 and the login process 2 that passes through the biometric authentication by the fingerprint authentication unit 84.
  • a procedure when the user A logs in to the information processing device 10 will be described.
  • ⁇ Login process 1> When the user A presses a predetermined button (for example, the function button 80) of the input device 6, the communication unit 90 transmits the pressed information to the information processing device 10.
  • the communication unit 102 receives the pressing information as a connection request, and the communication unit 90 of the input device 6 and the communication unit 102 of the information processing device 10 are connected.
  • the communication unit 102 connects to the communication unit 90 after the main power supply of the information processing apparatus 10 is turned on according to the pressing information of the function button 80.
  • the pressing information of the function button 80 is transmitted to the login processing unit 112, and the login processing unit 112 receives the pressing information as a login request from the user.
  • the login processing unit 112 reads out the registered user information held in the registered user information holding unit 120, and displays a selection screen for selecting a user registered in the information processing device 10 on the output device 4. This selection screen constitutes the login screen in the login process 1.
  • FIG. 6A shows an example of the user selection screen.
  • the login processing unit 112 reads the user icon and online ID of the registered user from the registered user information holding unit 120, and the user can select the read user icon and online ID (hereinafter also referred to as “user identification information”) in a list format. To display.
  • the login processing unit 112 movably displays a focus frame 200 surrounding one piece of user identification information on the list.
  • the user A operates the operation unit 87 of the input device 6 to move the focus frame 200 to the display area of his / her user identification information, and presses the enter button ( ⁇ button 72) of the input device 6 to obtain his / her user identification information. Select.
  • the login processing unit 112 displays the passcode input screen shown in FIG. 6B on the output device 4.
  • the user A inputs the passcode, and the user authentication unit 110 determines whether or not it is the same as the login passcode of the user A held in the registered user information holding unit 120, and determines whether or not the login of the user A is permitted. To do.
  • the login passcode is correct, the user authentication unit 110 notifies the login processing unit 112 that the user authentication has been successful, and the login processing unit 112 logs the user A into the information processing apparatus 10.
  • FIG. 7 shows an example of the sequence of the login process 2.
  • the fingerprint sensor 79a maintains a state in which it can accept fingerprint information (N in S10).
  • the fingerprint sensor 79a receives the fingerprint information of the user A (Y of S10) and supplies it to the fingerprint authentication unit 84.
  • the fingerprint authentication unit 84 verifies the fingerprint information received by the fingerprint sensor 79a and the authentication data of one or more registered users held in the authentication data holding unit 85 to authenticate that the user A is a registered user. Yes (Y of S12). If the user A has not registered the fingerprint, the fingerprint authentication unit 84 fails the user authentication (N in S12).
  • the fingerprint authentication unit 84 When the fingerprint authentication unit 84 succeeds in fingerprint authentication, it notifies the control unit 88 of the finger ID of the verified authentication data.
  • the control unit 88 reads out the network account associated with the notified finger ID from the registered user information holding unit 89.
  • the network account is user identification information for identifying the user A.
  • the communication unit 90 transmits the network account (NW_ID_A) of the user A to the information processing device 10 (S14).
  • the communication unit 102 receives the network account (NW_ID_A) of the user A.
  • the user authentication unit 110 refers to the registered user information storage unit 120 and confirms whether NW_ID_A is stored as the network account of the registered user.
  • the user authentication unit 110 collates the received NW_ID_A with the network accounts of one or more registered users held in the registered user information holding unit 120.
  • the registered user information holding unit 120 holds NW_ID_A as the network account of the user A, and the user authentication unit 110 authenticates that the user requesting login is the user A (S16). Authentication using this user identification information is the first stage authentication.
  • the user authentication unit 110 performs a user authentication process by another method in order to confirm whether the user authenticated in S16 is really the user A.
  • This user authentication processing is the second-stage authentication, and the user authentication unit 110 executes challenge-response method authentication using public key encryption.
  • the user authentication unit 110 generates a random number called a challenge (S18), and the communication unit 102 transmits the challenge to the communication unit 90 (S20).
  • the control unit 88 encrypts the challenge with the secret key of the user A (S22), and the communication unit 90 returns the encrypted challenge to the communication unit 102 as a response (S24).
  • the user authentication unit 110 decrypts the response using the public key of the user A (S26), and if the decrypted result matches the challenge, the identity verification of the user A requesting the login is completed (S28). .
  • the login processing unit 112 logs in the user A (S30).
  • FIG. 8 shows an example of a screen displayed by the login processing unit 112 when logging in.
  • the user A can log in to the information processing apparatus 10 simply by holding his / her finger over the fingerprint sensor 79a.
  • the fingerprint information of the user A is not transmitted from the input device 6 to the outside. Therefore, in the information processing system 1, there is no risk that fingerprint information is intercepted by a third party on the communication path between the input device 6 and the information processing device 10, and the security of fingerprint authentication can be secured.
  • the user A can perform fingerprint authentication login to the information processing device 10 that has registered a login account.
  • a usage scene in which the user A takes the input device 6 having his or her fingerprint registered from home to a friend's house and plays a game with the friend on the information processing device 10a in the friend's house will be described.
  • the login account of the user A is not registered in the information processing apparatus 10a at the friend's house.
  • FIG. 9 shows another example of the sequence of the login process 2.
  • the user A can play the game together with the friend by logging in the information processing apparatus 10a at the friend's house.
  • the information processing device 10a has the same configuration and function as the information processing device 10 shown in FIG.
  • communication unit 90 transmits the pressing information to information processing device 10a.
  • the communication unit 102 receives the pressing information as a connection request, and the communication unit 90 of the input device 6 and the communication unit 102 of the information processing device 10a are connected.
  • the pressing information of the function button 80 is transmitted to the login processing unit 112, and the login processing unit 112 receives the pressing information as a login request from the user.
  • the login processing unit 112 reads out the registered user information held in the registered user information holding unit 120, and displays a selection screen for selecting a user registered in the information processing device 10a on the output device 4. This selection screen constitutes the login screen in the login process 1.
  • FIG. 10A shows an example of the user selection screen.
  • the login processing unit 112 reads the user icon and online ID of the registered user from the registered user information holding unit 120 of the information processing apparatus 10a, and displays the read user icon and online ID in a list format so that the user can select them.
  • the login processing unit 112 movably displays a focus frame 200 surrounding one piece of user identification information on the list.
  • the information of the user A is not registered in the information processing device 10a of the friend's house, so the list does not include the specific information of the user A.
  • User A creates a login account in information processing device 10a by moving focus frame 200 to the display area of "new user", pressing the enter button ( ⁇ button 72) of input device 6 and inputting the necessary information. it can.
  • this work is a work of inputting a text by operating the input device 6, and is troublesome. Therefore, the information processing system 1 provides a mechanism in which the user A can easily log in to the information processing apparatus 10a at the friend's house by the fingerprint authentication of the input device 6.
  • the fingerprint sensor 79a of the input device 6 maintains a state in which it can accept fingerprint information.
  • the fingerprint sensor 79a receives the fingerprint information of the user A (S40) and supplies it to the fingerprint authentication unit 84.
  • the fingerprint authentication unit 84 verifies the fingerprint information received by the fingerprint sensor 79a and the authentication data of one or more registered users held in the authentication data holding unit 85 to authenticate that the user A is a registered user. Yes (S42).
  • the fingerprint authentication unit 84 When the fingerprint authentication unit 84 succeeds in fingerprint authentication, it notifies the control unit 88 of the finger ID of the verified authentication data.
  • the control unit 88 reads out the network account associated with the notified finger ID from the registered user information holding unit 89.
  • the network account is user identification information for identifying the user A.
  • the communication unit 90 transmits the network account (NW_ID_A) of the user A to the information processing device 10a (S44).
  • the communication unit 102 receives the network account (NW_ID_A) of the user A.
  • the user authentication unit 110 refers to the registered user information storage unit 120 and confirms whether NW_ID_A is stored as the network account of the registered user. As described above, NW_ID_A is not registered in the information processing device 10a at the friend's house. Therefore, the user authentication unit 110 fails to authenticate the user A (S46). When the authentication of the user A fails, the login processing unit 112 transmits the network account (NW_ID_A) of the user A to the server device 5 (S48).
  • FIG. 11 shows functional blocks of the server device 5.
  • the server device 5 includes a control unit 150, a communication unit 152, and a user information holding unit 170, and the control unit 150 includes a user authentication unit 160, a user information acquisition unit 162, and an NW service providing unit 164.
  • the server device 5 has a user authentication function and can be called an information processing device in that sense.
  • the user information holding unit 170 is a user DB that holds profile information and save data of all users who use the network service.
  • the user information holding unit 170 holds profile information such as a sign-in ID, an online ID, a user icon, a sign-in password, and a public key in association with the user's network account.
  • each element described as a functional block that performs various processes can be configured with a circuit block, a memory, and other LSI in terms of hardware, and loaded into the memory in terms of software. It is realized by a program. Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by only hardware, only software, or a combination thereof, and the present invention is not limited to them.
  • the communication unit 152 receives the network account (NW_ID_A) of the user A from the information processing device 10a.
  • the network account (NW_ID_A) of the user A is the identification information transmitted from the input device 6 to the information processing device 10a and is not registered in the information processing device 10a.
  • the user authentication unit 160 refers to the user information holding unit 170 and confirms whether NW_ID_A is held as the network account of the user.
  • the user authentication unit 160 collates the received NW_ID_A with the network accounts of the plurality of users held in the user information holding unit 170.
  • the user information holding unit 170 holds NW_ID_A as the network account of the user A, and the user authentication unit 160 authenticates that the user requesting the login is the user A (S50). Authentication using this user identification information is the first stage authentication.
  • the user authentication unit 160 performs user authentication processing by another method with the input device 6 in order to confirm whether the user authenticated in S50 is really the user A.
  • This user authentication process is a second-stage authentication, and the user authentication unit 160 executes challenge-response authentication (S52) using the public key encryption with the input device 6.
  • S52 the steps S18 to S26 shown in FIG. 7 are performed between the server device 5 and the input device 6.
  • the information processing device 10a relays data communication between the two.
  • the user authentication unit 160 completes the identity verification of the user A requesting the login (S54).
  • the user information acquisition unit 162 issues a one-time password, and the communication unit 152 transmits the one-time password to the information processing device 10a (S56).
  • the login processing unit 112 generates an information acquisition request regarding the user A using the one-time password, and the communication unit 102 transmits the information acquisition request regarding the user A to the server device 5 (S58).
  • the user information acquisition unit 162 acquires the profile information of the user A from the user information holding unit 170, and the communication unit 152 transmits the profile information of the user A to the information processing device 10a (S60).
  • the profile information of the user A transmitted includes information necessary for the information processing apparatus 10a to log in the user A.
  • the profile information may be the user A's sign-in ID, online ID, user icon, sign-in password, public key, or the like.
  • the login processing unit 112 causes the output device 4 to display a login screen and logs the user A into the information processing device 10a (S62).
  • FIG. 10B shows an example of the login screen of user A.
  • user A selects "register”
  • the user A logs in as a registered user to the information processing apparatus 10a
  • the user A logs in to the information processing apparatus 10a as a temporary guest user.
  • logging in as a registered user means that the user information is registered in the registered user information holding unit 120 of the information processing device 10a.
  • the user A can log in to the information processing apparatus 10a simply by holding his / her finger over the fingerprint sensor 79a. This is because the registered user information holding unit 89 of the input device 6 holds the network account as the user identification information.
  • the identity verification may be performed by fingerprint authentication. Also in this case, the steps S50 to S54 shown in FIG. 9 are executed between the input device 6 and the server device 5.
  • the present invention has been described based on the embodiments. It should be understood by those skilled in the art that this embodiment is an exemplification, and that various modifications can be made to the combinations of the respective constituent elements and the respective processing processes, and that such modifications are within the scope of the present invention. .
  • the fingerprint authentication has been described in the embodiment, the input device 6 may have another type of biometric authentication function.
  • the fingerprint sensor 79a is provided in the flat area where the touch pad 79 is provided, but it may be provided in another place.
  • the fingerprint sensor 79a is provided on the function button 80, a mechanism that allows the user to log in to the information processing apparatus 10 by simply pressing the function button 80 is realized.
  • FIG. 12 shows functional blocks of the input device 6 and the biometric authentication device 98 in the modification.
  • the input device 6 includes an operation unit 87, a control unit 88, and a communication unit 90, and transmits a user operation signal to the information processing device 10.
  • the operation unit 87 represents an operation member such as the button shown in FIG.
  • the biometric authentication device 98 includes a processing unit 91, a providing unit 92, a fingerprint sensor 93, a fingerprint authentication unit 94, an authentication data holding unit 95, a key generation unit 96, and a registered user information holding unit 97.
  • the biometric authentication device 98 is an external device that performs biometric authentication, and may be connected to the input device 6 with a USB cable, for example.
  • the biometric authentication device 98 realizes the biometric authentication function of the input device 6 shown in FIG. Specifically, the fingerprint sensor 93, the fingerprint authentication unit 94, the authentication data holding unit 95, the key generation unit 96, and the registered user information holding unit 97 in FIG. 12 are the fingerprint sensor 79a, the fingerprint authentication unit 84, and the authentication data in FIG. It corresponds to the holding unit 85, the key generation unit 86, and the registered user information holding unit 89, respectively.
  • the authentication data holding unit 95 holds the authentication data of one or more registered users.
  • the authentication data holding unit 85 may hold the authentication data of a plurality of users registered in the information processing device 10.
  • the fingerprint sensor 93 maintains a state in which it can accept fingerprint information.
  • the fingerprint authentication unit 94 compares the fingerprint information received by the fingerprint sensor 93 with the authentication data of one or more registered users held in the authentication data holding unit 95. And confirm that the user is a registered user.
  • the fingerprint authentication unit 94 When the fingerprint authentication is successful, the fingerprint authentication unit 94 notifies the processing unit 91 of the finger ID of the verified authentication data.
  • the processing unit 91 reads out the network account associated with the notified finger ID from the registered user information holding unit 97.
  • the providing unit 92 provides the user's network account to the input device 6.
  • the control unit 88 Upon receiving the network account, the control unit 88 causes the communication unit 90 to transmit the information to the information processing apparatus 10.
  • the login process in the information processing device 10 is as described in the embodiment.
  • the present invention can be used in the technical field of authenticating a user.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Collating Specific Patterns (AREA)

Abstract

An input device 6 for inputting a user operation is provided with: an authentication data holding unit 85 for holding authentication data of one or more registered users; a fingerprint sensor 79a for accepting fingerprint information of a user; and a fingerprint authenticating unit 84 which compares the accepted fingerprint information with the authentication data of the one or more registered users. If biometric authentication performed by the fingerprint authenticating unit 84 is successful, a communication unit 90 transmits a network account of the user to an information processing device 10. The information processing device 10 is provided with a user authentication unit 110 which compares the received network account with network accounts of registered users held in a registered user information holding unit 120.

Description

情報処理システム、入力装置、ユーザ認証方法、サーバ装置および生体認証装置Information processing system, input device, user authentication method, server device, and biometric authentication device
 本発明は、ユーザを認証する技術に関する。 The present invention relates to a technique for authenticating a user.
 ゲーム装置などの情報処理装置にユーザがログインする際、情報処理装置は、予め登録されたユーザであるか否かを確認するユーザ認証処理を行う。ユーザのログイン時、情報処理装置は、パスコードを利用したユーザ認証を採用していることが多い。 When a user logs in to an information processing device such as a game device, the information processing device performs user authentication processing to confirm whether or not the user is a pre-registered user. When a user logs in, the information processing device often adopts user authentication using a passcode.
 近年では、生体情報を用いたユーザ認証処理も一般的に利用されている。生体認証は、ユーザがパスコードを入力しなくてよく、認証におけるユーザの手間が少ない。特に指紋認証システムは、ユーザが指紋センサに指をかざすだけでよく、また導入コストが比較的安価であることから、広く普及している。 -In recent years, user authentication processing using biometric information is also commonly used. In biometric authentication, the user does not need to input a passcode, and the user's labor for authentication is small. In particular, the fingerprint authentication system is in widespread use because the user only has to hold his / her finger on the fingerprint sensor and the introduction cost is relatively low.
 一方、指紋認証システムは、簡便なユーザ認証技術であるが故に、指紋画像ないしはその特徴情報が第三者により不正に盗まれると、当該第三者によるなりすましを防ぎにくいという問題もある。そこでゲーム装置のログイン時などにおいて、ユーザの本人確認の簡便さを維持しつつ、認証の安全性を確保するための技術が望まれている。 On the other hand, since the fingerprint authentication system is a simple user authentication technology, if a fingerprint image or its characteristic information is illegally stolen by a third party, it is difficult to prevent impersonation by the third party. Therefore, there is a demand for a technique for ensuring the security of authentication while maintaining the simplicity of user identification at the time of logging in to a game device.
 そこで本発明は、本人確認の利便性や生体認証の安全性を高める技術を提供することを目的とする。 Therefore, an object of the present invention is to provide a technique for enhancing the convenience of identity verification and the safety of biometric authentication.
 上記課題を解決するために、本発明のある態様の情報処理システムは、ユーザ操作を入力するための入力装置と、情報処理装置とを備える。入力装置は、ユーザの生体情報にもとづいて認証されたユーザを識別するためのユーザ識別情報を送信する第1通信部を有する。情報処理装置は、ユーザ識別情報を受信する第2通信部と、1以上の登録ユーザの識別情報を保持する保持部と、受信したユーザ識別情報と、保持部に保持された登録ユーザの識別情報とを照合する認証部とを有する。 In order to solve the above problems, an information processing system according to an aspect of the present invention includes an input device for inputting a user operation and an information processing device. The input device has a first communication unit that transmits user identification information for identifying the authenticated user based on the biometric information of the user. The information processing device includes a second communication unit that receives user identification information, a holding unit that holds identification information of one or more registered users, received user identification information, and registered user identification information that is held in the holding unit. And an authentication unit that collates with.
 本発明の別の態様は、ユーザ操作信号を情報処理装置に送信する入力装置であって、1以上の登録ユーザの認証用データを保持する保持部と、ユーザの生体情報を受け付ける生体情報受付部と、生体情報受付部が受け付けた生体情報と、保持部に保持された認証用データとを照合する認証部と、認証部により認証されたユーザを識別するためのユーザ識別情報を情報処理装置に送信する通信部とを備える。 Another aspect of the present invention is an input device that transmits a user operation signal to an information processing device, and a holding unit that holds authentication data of one or more registered users, and a biometric information reception unit that receives biometric information of the user. An authentication unit that compares the biometric information received by the biometric information reception unit with the authentication data held in the holding unit, and user identification information for identifying the user authenticated by the authentication unit in the information processing device. And a communication unit for transmitting.
 本発明のさらに別の態様は、ユーザを認証する方法に関する。このユーザ認証方法において、ユーザ操作を入力するための入力装置が、ユーザの生体情報にもとづいて認証されたユーザを識別するためのユーザ識別情報を情報処理装置に送信し、情報処理装置が、ユーザ識別情報を受信し、受信したユーザ識別情報と、保持部において保持された1以上の登録ユーザの識別情報とを照合する。 Yet another aspect of the present invention relates to a method of authenticating a user. In this user authentication method, an input device for inputting a user operation transmits user identification information for identifying the authenticated user based on the biometric information of the user to the information processing device, and The identification information is received, and the received user identification information is collated with the identification information of one or more registered users held in the holding unit.
 本発明のさらに別の態様は、入力装置からユーザ操作信号を送信される情報処理装置と接続するサーバ装置であって、サービスの複数のユーザの識別情報を保持する保持部と、入力装置から情報処理装置に送信されたユーザ識別情報であって情報処理装置に登録されていないユーザ識別情報を、受信する通信部と、受信したユーザ識別情報と、保持部に保持されたユーザの識別情報とを照合する認証部とを有する。認証部は、受信したユーザ識別情報が保持部に保持されていることを確認すると、入力装置との間でユーザ認証処理を行う。 Yet another aspect of the present invention is a server device connected to an information processing device to which a user operation signal is transmitted from an input device, the holding device holding identification information of a plurality of users of a service, and information from the input device. The communication unit for receiving the user identification information transmitted to the processing device and not registered in the information processing device, the received user identification information, and the user identification information held in the holding unit. It has an authentication unit for collation. When the authentication unit confirms that the received user identification information is held in the holding unit, the authentication unit performs user authentication processing with the input device.
 本発明のさらに別の態様は、ユーザ操作信号を情報処理装置に送信する入力装置に接続される生体認証装置であって、1以上の登録ユーザの認証用データを保持する保持部と、ユーザの生体情報を受け付ける生体情報受付部と、生体情報受付部が受け付けた生体情報と、保持部に保持された認証用データとを照合する認証部と、認証部により認証されたユーザを識別するためのユーザ識別情報を入力装置に提供する提供部とを備える。 Yet another aspect of the present invention is a biometric authentication device that is connected to an input device that transmits a user operation signal to an information processing device, and a holding unit that holds authentication data for one or more registered users, and A biometric information receiving unit that receives biometric information, a biometric information received by the biometric information receiving unit, an authentication unit that collates the authentication data held in the holding unit, and a user that is authenticated by the authentication unit And a providing unit that provides the user identification information to the input device.
 なお、以上の構成要素の任意の組合せ、本発明の表現を方法、装置、システム、記録媒体、コンピュータプログラムなどの間で変換したものもまた、本発明の態様として有効である。 It should be noted that any combination of the above constituent elements and the expression of the present invention converted between a method, a device, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.
実施例にかかる情報処理システムを示す図である。It is a figure which shows the information processing system concerning an Example. 入力装置の外観構成を示す図である。It is a figure which shows the external appearance structure of an input device. 情報処理装置のハードウェア構成を示す図である。It is a figure which shows the hardware constitutions of an information processing apparatus. 入力装置と情報処理装置の機能ブロックを示す図である。It is a figure which shows the functional block of an input device and an information processing apparatus. 登録ユーザ情報保持部の保持内容の例を示す図である。It is a figure which shows the example of the holding content of a registered user information holding part. 画面例を示す図である。It is a figure which shows the example of a screen. ログインシーケンスの一例を示す図である。It is a figure which shows an example of a login sequence. 画面例を示す図である。It is a figure which shows the example of a screen. ログインシーケンスの別の例を示す図である。It is a figure which shows another example of a login sequence. 画面例を示す図である。It is a figure which shows the example of a screen. サーバ装置の機能ブロックを示す図である。It is a figure which shows the functional block of a server apparatus. 入力装置および生体認証装置の機能ブロックを示す図である。It is a figure which shows the functional block of an input device and a biometrics authentication apparatus.
 図1は、本発明の実施例にかかる情報処理システム1を示す。情報処理システム1は、ユーザ操作を入力するための入力装置6と、ユーザ操作を受け付けてアプリケーションなどを実行する情報処理装置10と、ネットワークサービスを含む様々なサービスをユーザに提供するサーバ装置5とを備える。アクセスポイント(以下、「AP」とよぶ)8は、無線アクセスポイントおよびルータの機能を有し、情報処理装置10は、無線または有線経由でAP8に接続して、ネットワーク3上のサーバ装置5と通信可能に接続する。 FIG. 1 shows an information processing system 1 according to an embodiment of the present invention. The information processing system 1 includes an input device 6 for inputting a user operation, an information processing device 10 that receives a user operation and executes an application, and a server device 5 that provides various services including a network service to a user. Equipped with. The access point (hereinafter, referred to as “AP”) 8 has a function of a wireless access point and a router, and the information processing device 10 connects to the AP 8 wirelessly or via a wire to connect with the server device 5 on the network 3. Connect to communicate.
 補助記憶装置2は、HDD(ハードディスクドライブ)やフラッシュメモリなどの大容量記憶装置であり、USB(Universal Serial Bus)などによって情報処理装置10と接続する外部記憶装置であってよく、また内蔵型記憶装置であってもよい。出力装置4は、画像を出力するディスプレイおよび音声を出力するスピーカを有するテレビであってよく、またコンピュータディスプレイであってもよい。情報処理装置10は、ユーザが操作する入力装置6と無線または有線で接続し、入力装置6は、ボタンやレバーなどの操作部の操作状態を示すユーザ操作信号を情報処理装置10に送信する。情報処理装置10は、入力装置6から取得したユーザ操作信号をOS(システムソフトウェア)やアプリケーションの処理に反映し、出力装置4から処理結果を出力させる。 The auxiliary storage device 2 is a large-capacity storage device such as an HDD (hard disk drive) or a flash memory, and may be an external storage device that is connected to the information processing device 10 by a USB (Universal Serial Bus) or the like, or a built-in storage It may be a device. The output device 4 may be a television having a display that outputs an image and a speaker that outputs audio, or may be a computer display. The information processing device 10 is connected to the input device 6 operated by the user wirelessly or by wire, and the input device 6 transmits a user operation signal indicating an operation state of an operation unit such as a button or a lever to the information processing device 10. The information processing device 10 reflects the user operation signal acquired from the input device 6 on the processing of the OS (system software) and the application, and causes the output device 4 to output the processing result.
 情報処理システム1において情報処理装置10はゲームを実行するゲーム装置であり、入力装置6はゲームコントローラなど情報処理装置10に対してユーザの操作信号を供給する機器であってよい。撮像装置であるカメラ7は出力装置4の近傍に設けられ、出力装置4周辺の空間を撮像する。カメラ7は、ステレオカメラであってもよい。 In the information processing system 1, the information processing device 10 may be a game device that executes a game, and the input device 6 may be a device such as a game controller that supplies a user operation signal to the information processing device 10. The camera 7, which is an imaging device, is provided near the output device 4 and images the space around the output device 4. The camera 7 may be a stereo camera.
 サーバ装置5は、情報処理システム1のユーザに対してネットワークサービスを提供する。サーバ装置5は、各ユーザを識別するネットワークアカウント(ユーザ識別情報)を管理しており、各ユーザは、ネットワークアカウントを用いてネットワークサービスにサインインする。ユーザは情報処理装置10からネットワークサービスにサインインすることで、サーバ装置5に、ゲームのセーブデータや、またゲームプレイ中に獲得した仮想的な表彰品であるトロフィを登録できる。サーバ装置5は、ネットワークアカウントに紐付けて、ユーザのアイコンや、ネットワーク上のニックネーム(オンラインID)、サインインパスワード等のプロファイル情報をユーザDBに保持する。 The server device 5 provides a network service to the user of the information processing system 1. The server device 5 manages a network account (user identification information) that identifies each user, and each user signs in to the network service using the network account. By signing in to the network service from the information processing device 10, the user can register game save data and a trophy, which is a virtual award obtained during the game play, in the server device 5. The server device 5 holds profile information such as a user icon, a nickname (online ID) on the network, and a sign-in password in the user DB in association with the network account.
 入力装置6のボタン構成について説明する。
 図2は、入力装置上面の外観構成を示す。ユーザは左手で左側把持部78bを把持し、右手で右側把持部78aを把持して、入力装置6を操作する。入力装置6の筐体上面には、方向キー71、アナログスティック77a、77bと、4種の操作ボタン76が設けられている。4種のボタン72~75には、それぞれを区別するために、異なる色で異なる図形が記されており、○ボタン72には赤色の丸、×ボタン73には青色のバツ、□ボタン74には紫色の四角形、△ボタン75には緑色の三角形が記されている。 The button configuration of the input device 6 will be described.
FIG. 2 shows an external configuration of the upper surface of the input device. The user grips the left grip 78b with the left hand and the right grip 78a with the right hand to operate the input device 6. A direction key 71, analog sticks 77a and 77b, and four types of operation buttons 76 are provided on the upper surface of the housing of the input device 6. In order to distinguish each of the four types of buttons 72 to 75, different figures are written in different colors. The ○ button 72 is a red circle, the × button 73 is a blue cross, and the □ button 74 is a square. Is a purple square, and the triangle button 75 is a green triangle.
 2つのアナログスティック77a、77bの間に機能ボタン80が設けられる。機能ボタン80は、入力装置6の電源をオンし、同時に入力装置6と情報処理装置10とを接続する通信機能をアクティブにするために使用される。なお情報処理装置10のメイン電源がオフとなっている場合、機能ボタン80が押下されると、情報処理装置10は、入力装置6から送信される接続要求を、メイン電源をオンにするための指示としても受け付け、これにより情報処理装置10のメイン電源がオンとなる。入力装置6が情報処理装置10と接続した後は、機能ボタン80は、情報処理装置10にホーム画面を表示させるためにも使用される。 A function button 80 is provided between the two analog sticks 77a and 77b. The function button 80 is used to turn on the power of the input device 6 and simultaneously activate the communication function for connecting the input device 6 and the information processing device 10. When the function button 80 is pressed while the main power of the information processing device 10 is off, the information processing device 10 sends a connection request transmitted from the input device 6 for turning on the main power. The instruction is also accepted, and the main power of the information processing device 10 is turned on. After the input device 6 is connected to the information processing device 10, the function button 80 is also used to cause the information processing device 10 to display the home screen.
 方向キー71と操作ボタン76の間の平坦な領域には、タッチパッド79が設けられる。タッチパッド79は、ユーザが押すことで下方に沈み込み、またユーザが手を離すと元の位置に復帰する押下式ボタンとしても機能する。平坦領域には、ユーザの指紋情報を受け付ける指紋センサ79aが設けられてよい。ユーザは情報処理装置10にログインする際や、ネットワークサービスにより本人確認が要求される際に、指紋センサ79aに指を置くことで、指紋認証による本人確認を実施される。なお指紋センサ79aは、ユーザの生体情報を受け付ける生体情報受付部の一例であって、他の種類のセンサが設けられてもよい。 A touch pad 79 is provided in a flat area between the direction key 71 and the operation button 76. The touch pad 79 also functions as a push-down button that sinks downward when the user presses it and returns to the original position when the user releases the hand. A fingerprint sensor 79a that receives user's fingerprint information may be provided in the flat area. When the user logs in to the information processing device 10 or when the identity verification is requested by the network service, the user puts a finger on the fingerprint sensor 79a to perform identity verification by fingerprint authentication. The fingerprint sensor 79a is an example of a biometric information receiving unit that receives biometric information of the user, and another type of sensor may be provided.
 SHAREボタン81は、タッチパッド79と方向キー71の間に設けられる。SHAREボタン81は、情報処理装置10におけるOSないしはシステムソフトウェアに対するユーザからの指示を入力するために利用される。またOPTIONSボタン82は、タッチパッド79と操作ボタン76の間に設けられる。OPTIONSボタン82は、情報処理装置10において実行されるアプリケーション(ゲーム)に対するユーザからの指示を入力するために利用される。 The SHARE button 81 is provided between the touch pad 79 and the direction key 71. The SHARE button 81 is used to input an instruction from the user to the OS or system software in the information processing device 10. The OPTIONS button 82 is provided between the touch pad 79 and the operation button 76. The OPTIONS button 82 is used to input an instruction from the user to an application (game) executed in the information processing device 10.
 図3は、情報処理装置10のハードウェア構成を示す。情報処理装置10は、メイン電源ボタン20、電源ON用LED21、スタンバイ用LED22、システムコントローラ24、クロック26、デバイスコントローラ30、メディアドライブ32、USBモジュール34、フラッシュメモリ36、無線通信モジュール38、有線通信モジュール40、サブシステム50およびメインシステム60を有して構成される。 FIG. 3 shows a hardware configuration of the information processing device 10. The information processing device 10 includes a main power button 20, a power ON LED 21, a standby LED 22, a system controller 24, a clock 26, a device controller 30, a media drive 32, a USB module 34, a flash memory 36, a wireless communication module 38, and wired communication. It has a module 40, a subsystem 50, and a main system 60.
 メインシステム60は、メインCPU(Central Processing Unit)、主記憶装置であるメモリおよびメモリコントローラ、GPU(Graphics Processing Unit)などを備える。GPUはゲームプログラムの演算処理に主として利用される。これらの機能はシステムオンチップとして構成されて、1つのチップ上に形成されてよい。メインCPUはOSを起動し、OSが提供する環境下において、補助記憶装置2にインストールされたアプリケーションを実行する機能をもつ。 The main system 60 includes a main CPU (Central Processing Unit), a memory and a memory controller that are main storage devices, and a GPU (Graphics Processing Unit). The GPU is mainly used for arithmetic processing of game programs. These functions may be configured as a system on chip and formed on one chip. The main CPU has a function of starting the OS and executing the application installed in the auxiliary storage device 2 under the environment provided by the OS.
 サブシステム50は、サブCPU、主記憶装置であるメモリおよびメモリコントローラなどを備え、GPUを備えない。サブCPUは、メインCPUがスタンバイ状態にある間においても動作するものであり、消費電力を低く抑えるべく、その処理機能を制限されている。なおサブCPUおよびメモリは、別個のチップに形成されてもよい。 The subsystem 50 includes a sub CPU, a memory that is a main storage device, a memory controller, and the like, and does not include a GPU. The sub CPU operates even while the main CPU is in the standby state, and its processing function is limited in order to keep the power consumption low. The sub CPU and the memory may be formed on separate chips.
 メイン電源ボタン20は、ユーザからの操作入力が行われる入力部であって、情報処理装置10の筐体の前面に設けられ、情報処理装置10のメインシステム60への電源供給をオンまたはオフするために操作される。メイン電源がオン状態にあるとは、メインシステム60がアクティブ状態にあることを意味し、メイン電源がオフ状態にあるとは、メインシステム60がスタンバイ状態にあることを意味する。電源ON用LED21は、メイン電源ボタン20がオンされたときに点灯し、スタンバイ用LED22は、メイン電源ボタン20がオフされたときに点灯する。 The main power button 20 is an input unit through which a user inputs an operation, is provided on the front surface of the housing of the information processing device 10, and turns on or off the power supply to the main system 60 of the information processing device 10. Be operated for. The main power supply being in the ON state means that the main system 60 is in the active state, and the main power supply being in the OFF state means that the main system 60 is in the standby state. The power-on LED 21 lights up when the main power button 20 is turned on, and the standby LED 22 lights up when the main power button 20 is turned off.
 システムコントローラ24は、ユーザによるメイン電源ボタン20の押下を検出する。メイン電源がオフ状態にあるときにメイン電源ボタン20が押下されると、システムコントローラ24は、その押下操作を「オン指示」として取得し、一方で、メイン電源がオン状態にあるときにメイン電源ボタン20が押下されると、システムコントローラ24は、その押下操作を「オフ指示」として取得する。 The system controller 24 detects pressing of the main power button 20 by the user. When the main power button 20 is pressed while the main power is in the off state, the system controller 24 acquires the pressing operation as an "on instruction", while the main power is on when the main power is in the on state. When the button 20 is pressed, the system controller 24 acquires the pressing operation as an “off instruction”.
 メインCPUは補助記憶装置2やROM媒体44にインストールされているゲームプログラムを実行する機能をもつ一方で、サブCPUはそのような機能をもたない。しかしながらサブCPUは補助記憶装置2にアクセスする機能、サーバ装置5との間でデータを送受信する機能を有している。サブCPUは、このような制限された処理機能のみを有して構成されており、したがってメインCPUと比較して小さい消費電力で動作できる。これらのサブCPUの機能は、メインCPUがスタンバイ状態にある際に実行される。実施例の情報処理装置10は、メインシステム60のスタンバイ時にはサブシステム50が稼働しているため、サーバ装置5が提供するネットワークサービスに、常時サインインした状態を維持する。 The main CPU has a function of executing the game program installed in the auxiliary storage device 2 or the ROM medium 44, while the sub CPU does not have such a function. However, the sub CPU has a function of accessing the auxiliary storage device 2 and a function of transmitting / receiving data to / from the server device 5. The sub CPU is configured to have only such a limited processing function, and thus can operate with less power consumption than the main CPU. The functions of these sub CPUs are executed when the main CPU is in the standby state. Since the subsystem 50 is operating when the main system 60 is in the standby state, the information processing apparatus 10 according to the embodiment maintains the state of always being signed in to the network service provided by the server apparatus 5.
 クロック26はリアルタイムクロックであって、現在の日時情報を生成し、システムコントローラ24やサブシステム50およびメインシステム60に供給する。 The clock 26 is a real-time clock that generates current date and time information and supplies it to the system controller 24, the subsystem 50, and the main system 60.
 デバイスコントローラ30は、サウスブリッジのようにデバイス間の情報の受け渡しを実行するLSI(Large-Scale Integrated Circuit)として構成される。図示のように、デバイスコントローラ30には、システムコントローラ24、メディアドライブ32、USBモジュール34、フラッシュメモリ36、無線通信モジュール38、有線通信モジュール40、サブシステム50およびメインシステム60などのデバイスが接続される。デバイスコントローラ30は、それぞれのデバイスの電気特性の違いやデータ転送速度の差を吸収し、データ転送のタイミングを制御する。 The device controller 30 is configured as an LSI (Large-Scale Integrated Circuit) that transfers information between devices like a south bridge. As illustrated, devices such as the system controller 24, the media drive 32, the USB module 34, the flash memory 36, the wireless communication module 38, the wired communication module 40, the subsystem 50, and the main system 60 are connected to the device controller 30. It The device controller 30 absorbs the difference in the electrical characteristics of each device and the difference in the data transfer rate, and controls the timing of data transfer.
 メディアドライブ32は、ゲームなどのアプリケーションソフトウェア、およびライセンス情報を記録したROM媒体44を装着して駆動し、ROM媒体44からプログラムやデータなどを読み出すドライブ装置である。ROM媒体44は、光ディスクや光磁気ディスク、ブルーレイディスクなどの読出専用の記録メディアである。 The media drive 32 is a drive device in which a ROM medium 44 recording application software such as a game and license information is mounted and driven, and programs and data are read from the ROM medium 44. The ROM medium 44 is a read-only recording medium such as an optical disc, a magneto-optical disc, or a Blu-ray disc.
 USBモジュール34は、外部機器とUSBケーブルで接続するモジュールである。USBモジュール34は補助記憶装置2およびカメラ7とUSBケーブルで接続してもよい。フラッシュメモリ36は、内部ストレージを構成する補助記憶装置である。無線通信モジュール38は、Bluetooth(登録商標)プロトコルやIEEE802.11プロトコルなどの通信プロトコルで、たとえば入力装置6と無線通信する。有線通信モジュール40は、外部機器と有線通信し、たとえばAP8を介してネットワーク3に接続する。 The USB module 34 is a module that connects to an external device with a USB cable. The USB module 34 may be connected to the auxiliary storage device 2 and the camera 7 with a USB cable. The flash memory 36 is an auxiliary storage device that constitutes an internal storage. The wireless communication module 38 wirelessly communicates with the input device 6 using a communication protocol such as a Bluetooth (registered trademark) protocol or an IEEE 802.11 protocol. The wired communication module 40 performs wired communication with an external device and connects to the network 3 via the AP 8, for example.
 実施例の情報処理装置10は、少なくとも2種類のログイン処理を用意している。以下、2種類のログイン処理の概要を説明する。 The information processing apparatus 10 of the embodiment has at least two types of login processing. The outline of the two types of login processing will be described below.
<ログイン処理1>
 ログイン処理1は、ユーザがユーザ選択画面において、入力装置6を操作して自分のアイコンを選択し、ログイン用パスコードを入力することで、情報処理装置10がユーザ認証を行い、ユーザをログインさせる処理である。
<ログイン処理2>
 ログイン処理2は、ユーザが指紋センサ79aに指をあてると、入力装置6が指紋照合によるユーザ認証を行い、情報処理装置10側ではユーザ識別情報を用いたユーザ認証を行って、ユーザをログインさせる処理である。 <Login process 1>
In the login process 1, the user operates the input device 6 to select his / her icon on the user selection screen and inputs the login passcode, so that the information processing device 10 authenticates the user and logs in the user. Processing.
<Login process 2>
In the login processing 2, when the user puts a finger on the fingerprint sensor 79a, the input device 6 authenticates the user by fingerprint collation, and the information processing device 10 side authenticates the user using the user identification information to log the user in. Processing.
 ログイン処理1では、情報処理装置10がログイン用パスコードを用いたユーザ認証を行うのに対し、ログイン処理2では、ユーザ認証が入力装置6および情報処理装置10の双方で行われる点で、両者は異なっている。ログイン処理1、2を比較すると、ログイン処理2の方が、ユーザは指紋センサ79aに指をあてるだけでよいため、ユーザにとって簡易なログイン手法であると言える。 In the login process 1, the information processing device 10 performs user authentication using the login passcode, whereas in the login process 2, user authentication is performed by both the input device 6 and the information processing device 10. Are different. Comparing the login processes 1 and 2, it can be said that the login process 2 is a simple login method for the user because the user only needs to put his / her finger on the fingerprint sensor 79a.
 図4は、入力装置6と情報処理装置10の機能ブロックを示す。入力装置6は、指紋センサ79a、指紋認証部84、認証用データ保持部85、鍵生成部86、操作部87、制御部88、登録ユーザ情報保持部89および通信部90を備える。操作部87は、図2に示したボタン等の操作部材を表現する。情報処理装置10は、制御部100、通信部102および登録ユーザ情報保持部120を備え、制御部100は、ユーザ認証部110、ログイン処理部112およびアプリケーション実行部114を有する。通信部102は、図3に示す無線通信モジュール38および有線通信モジュール40の機能を示す。アプリケーション実行部114は、ゲームなどのアプリケーションを実行する。 FIG. 4 shows functional blocks of the input device 6 and the information processing device 10. The input device 6 includes a fingerprint sensor 79a, a fingerprint authentication unit 84, an authentication data holding unit 85, a key generation unit 86, an operation unit 87, a control unit 88, a registered user information holding unit 89, and a communication unit 90. The operation unit 87 represents an operation member such as the button shown in FIG. The information processing device 10 includes a control unit 100, a communication unit 102, and a registered user information holding unit 120, and the control unit 100 includes a user authentication unit 110, a login processing unit 112, and an application execution unit 114. The communication unit 102 has the functions of the wireless communication module 38 and the wired communication module 40 shown in FIG. The application execution unit 114 executes an application such as a game.
 図4において、さまざまな処理を行う機能ブロックとして記載される各要素は、ハードウェア的には、回路ブロック、メモリ、その他のLSIで構成することができ、ソフトウェア的には、メモリにロードされたプログラムなどによって実現される。したがって、これらの機能ブロックがハードウェアのみ、ソフトウェアのみ、またはそれらの組合せによっていろいろな形で実現できることは当業者には理解されるところであり、いずれかに限定されるものではない。 In FIG. 4, each element described as a functional block that performs various processes can be configured by a circuit block, a memory, and other LSI in terms of hardware, and loaded in the memory in terms of software. It is realized by a program. Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by only hardware, only software, or a combination thereof, and the present invention is not limited to them.
 実施例の情報処理装置10は、ユーザの好適なログイン動作を支援することを1つの特徴とする。ユーザは、情報処理装置10のOSにログインするために、その前提として、ログインアカウントを取得して、情報処理装置10に必要なユーザ情報を登録している必要がある。以下、ログインアカウントを情報処理装置10に登録したユーザを、「登録ユーザ」とも呼ぶ。 The information processing apparatus 10 according to the embodiment is characterized by supporting a suitable login operation of the user. In order to log in to the OS of the information processing device 10, the user needs to acquire a login account and register necessary user information in the information processing device 10 as a prerequisite. Hereinafter, a user who has registered a login account in the information processing device 10 is also referred to as a “registered user”.
 登録ユーザ情報保持部120は、情報処理装置10に登録された1以上のユーザに関する様々な情報を保持し、具体的には、ログインアカウントに関連付けて、ログイン用パスコード、サーバ装置5にサインインするためのネットワークアカウント(ネットワーク上のユーザ識別情報)、サインインID(eメールアドレス)、オンラインID(ネットワーク上のニックネーム)、またユーザを表現するためのユーザアイコン(アバター)などを、登録ユーザ情報として保持している。 The registered user information holding unit 120 holds various information regarding one or more users registered in the information processing device 10, and specifically, associates with a login account, a login passcode, and a sign-in to the server device 5. Registered user information such as network account (user identification information on the network), sign-in ID (email address), online ID (nickname on the network), user icon (avatar) for expressing the user Holds as.
 実施例のログイン処理2における指紋認証は、入力装置6内で実行され、情報処理装置10は関与しない。そのため登録ユーザ情報保持部120は、ユーザの指紋に関する情報を保持しない。指紋認証を入力装置6内で完結させることで、ユーザの指紋画像データが入力装置6から情報処理装置10に送信されることがなく、したがって入力装置6と情報処理装置10の間の通信経路で指紋情報が第三者に傍受されるリスクがない。 The fingerprint authentication in the login process 2 of the embodiment is executed in the input device 6 and the information processing device 10 is not involved. Therefore, the registered user information holding unit 120 does not hold information about the user's fingerprint. By completing the fingerprint authentication in the input device 6, the user's fingerprint image data is not transmitted from the input device 6 to the information processing device 10, and therefore, in the communication path between the input device 6 and the information processing device 10. There is no risk of fingerprint information being intercepted by a third party.
 入力装置6において、認証用データ保持部85は、1以上の登録ユーザの認証用データを保持する。認証用データ保持部85は、複数の登録ユーザの認証用データを保持してよい。認証用データは、指紋画像の特徴データであってよいが、指紋画像データそのものであってもよい。認証用データは、指紋認証部84による指紋照合において比較対象とされるデータであり、指紋認証部84が採用する指紋認識アルゴリズムにしたがって生成される。たとえば認証用データは、指紋の分岐点、端点や中心点などの特徴点の位置、特徴点間の隆線数などを抽出したデータであってよい。どのような認証用データが必要であるかは、指紋認証部84が採用する指紋認識アルゴリズムによって定まる。 In the input device 6, the authentication data holding unit 85 holds the authentication data of one or more registered users. The authentication data holding unit 85 may hold the authentication data of a plurality of registered users. The authentication data may be the fingerprint image feature data, but may be the fingerprint image data itself. The authentication data is data to be compared in fingerprint collation by the fingerprint authentication unit 84, and is generated according to the fingerprint recognition algorithm adopted by the fingerprint authentication unit 84. For example, the authentication data may be data obtained by extracting the branch points of fingerprints, the positions of feature points such as end points and center points, and the number of ridges between feature points. What kind of authentication data is required depends on the fingerprint recognition algorithm adopted by the fingerprint authentication unit 84.
<認証用データの登録処理>
 指紋認証ログインのために、ユーザは、自分の指紋の認証用データを入力装置6に登録する。制御部88は、指紋を登録するユーザを特定した状態のもとで、認証用データの登録処理を実施する。ここでは、情報処理装置10の登録ユーザであるユーザAが、指紋を登録する。ユーザAが指を指紋センサ79aに置くと、指紋センサ79aはユーザAの指紋情報を受け付ける。指紋センサ79aは指紋情報として、指紋画像を取得してよい。指紋認証部84は、指紋センサ79aが受け付けた指紋情報から、認証用データを生成する。制御部88は、認証用データを、指IDに関連づけて認証用データ保持部85に保持させる。ここで指IDは、認証用データ登録の順番を示す。したがって最初に登録された認証用データには、指ID「1」が、2番目に登録された認証用データには、指ID「2」が割り当てられる。 <Registration process of authentication data>
For fingerprint authentication login, the user registers his / her fingerprint authentication data in the input device 6. The control unit 88 performs the registration process of the authentication data under the state where the user who registers the fingerprint is specified. Here, the user A who is the registered user of the information processing apparatus 10 registers the fingerprint. When the user A puts his / her finger on the fingerprint sensor 79a, the fingerprint sensor 79a receives the fingerprint information of the user A. The fingerprint sensor 79a may acquire a fingerprint image as fingerprint information. The fingerprint authentication unit 84 generates authentication data from the fingerprint information received by the fingerprint sensor 79a. The control unit 88 causes the authentication data holding unit 85 to hold the authentication data in association with the finger ID. Here, the finger ID indicates the order of registration of the authentication data. Therefore, the finger ID “1” is assigned to the authentication data registered first, and the finger ID “2” is assigned to the authentication data registered second.
 制御部88は、認証用データ保持部85にユーザAの認証用データを保持させると、登録ユーザ情報保持部89に、ユーザAの指IDに対応付けて、ユーザAを識別するための識別情報を記憶させる。制御部88は、認証用データの登録後にユーザ識別情報を情報処理装置10から取得してもよいが、登録前に取得しておいてもよい。情報処理装置10において、登録ユーザ情報保持部120は、ユーザAを識別可能な様々なユーザ情報を保持しているが、制御部88は、ネットワーク上でユーザを識別するためのネットワークアカウントを取得する。ネットワークアカウントをユーザ識別情報として登録ユーザ情報保持部89に登録しておくことで、後述するように、ログイン時だけでなく、ネットワークサービスにおける本人確認の場面でも指紋認証を利用できるようになる。 When the authentication data holding unit 85 holds the authentication data of the user A, the control unit 88 causes the registered user information holding unit 89 to associate the user A's finger ID with the identification information for identifying the user A. Memorize The control unit 88 may acquire the user identification information from the information processing device 10 after registration of the authentication data, but may acquire it before registration. In the information processing device 10, the registered user information holding unit 120 holds various user information that can identify the user A, but the control unit 88 acquires a network account for identifying the user on the network. . By registering the network account in the registered user information holding unit 89 as the user identification information, the fingerprint authentication can be used not only at the time of login but also at the scene of identity verification in the network service, as described later.
 また制御部88は、鍵生成部86に、指紋認証に付随するユーザ認証で使用するための秘密鍵と公開鍵を生成させる。鍵生成部86は、ユーザAの秘密鍵(PRI_Key_A)と公開鍵(PUB_Key_A)を生成し、制御部88は、登録ユーザ情報保持部89に、ユーザAの指IDに対応付けて、ユーザAのために生成した秘密鍵(PRI_Key_A)と公開鍵(PUB_Key_A)を記憶させる。 The control unit 88 also causes the key generation unit 86 to generate a private key and a public key for use in user authentication accompanying fingerprint authentication. The key generation unit 86 generates a private key (PRI_Key_A) and a public key (PUB_Key_A) of the user A, and the control unit 88 associates the registered user information holding unit 89 with the finger ID of the user A and associates it with the finger ID of the user A. The private key (PRI_Key_A) and the public key (PUB_Key_A) generated for this purpose are stored.
 登録ユーザ情報保持部89は、ユーザAの指IDに対応付けて、ユーザAのネットワークアカウント(NW_ID_A)、秘密鍵(PRI_Key_A)、公開鍵(PUB_Key_A)を保持する。登録ユーザ情報保持部89は、指紋の認証用データを認証用データ保持部85に登録した全てのユーザの情報を保持する。 The registered user information holding unit 89 holds the network account (NW_ID_A) of the user A, the secret key (PRI_Key_A), and the public key (PUB_Key_A) in association with the finger ID of the user A. The registered user information holding unit 89 holds information of all users who have registered the fingerprint authentication data in the authentication data holding unit 85.
 図5は、登録ユーザ情報保持部89の保持内容の例を示す。この例では、指ID「1」に、ユーザAの情報が、指ID「2」に、ユーザBの情報が、指ID「3」に、ユーザCの情報が、それぞれ対応付けられている。 FIG. 5 shows an example of contents stored in the registered user information storage unit 89. In this example, the finger ID “1” is associated with the user A information, the finger ID “2” is associated with the user B information, the finger ID “3” is associated with the user C information, respectively.
 制御部88は、鍵生成部86によりユーザAの秘密鍵および公開鍵が生成されると、指IDに対応付けて登録ユーザ情報保持部89に記憶させるとともに、通信部90から公開鍵を、ユーザAのネットワークアカウントとともに、情報処理装置10経由でサーバ装置5に送信させる。通信部90は公開鍵を情報処理装置10に送信するが、情報処理装置10は中継するだけで、公開鍵を取得しない。サーバ装置5は、公開鍵およびネットワークアカウントを受信すると、ユーザDBに、ユーザAのネットワークアカウントに関連づけて公開鍵を記憶する。サーバ装置5は、公開鍵を登録すると、情報処理装置10に転送し、したがって情報処理装置10は、登録ユーザ情報保持部120に、ユーザAのログインアカウントに対応付けて公開鍵を記憶させる。以上により、認証用データの登録処理が終了する。なお実施例で情報処理装置10は公開鍵をサーバ装置5から取得して記憶するが、通信部90から送信されたときに取得して記憶してもよい。 When the secret key and the public key of the user A are generated by the key generation unit 86, the control unit 88 causes the registered user information holding unit 89 to store the public key in association with the finger ID, and the public key from the communication unit 90 to the user. Along with the network account of A, it is transmitted to the server device 5 via the information processing device 10. The communication unit 90 transmits the public key to the information processing device 10, but the information processing device 10 only relays and does not acquire the public key. Upon receiving the public key and the network account, the server device 5 stores the public key in the user DB in association with the network account of the user A. When the server device 5 registers the public key, the server device 5 transfers the public key to the information processing device 10. Therefore, the information processing device 10 causes the registered user information holding unit 120 to store the public key in association with the login account of the user A. With the above, the registration process of the authentication data is completed. Although the information processing device 10 acquires and stores the public key from the server device 5 in the embodiment, the information processing device 10 may acquire and store the public key when transmitted from the communication unit 90.
 ログイン処理部112は、指紋認証部84による生体認証を経由しないログイン処理1と、指紋認証部84による生体認証を経由するログイン処理2とを選択的に実施する。以下、ユーザAが情報処理装置10にログインする際の手順を説明する。
<ログイン処理1>
 ユーザAが入力装置6の所定のボタン(たとえば機能ボタン80)を押下すると、通信部90が、その押下情報を情報処理装置10に送信する。情報処理装置10において、通信部102が押下情報を接続要求として受け付けて、入力装置6の通信部90と情報処理装置10の通信部102とが接続する。なお情報処理装置10のメイン電源がオフとなっている場合には、機能ボタン80の押下情報により情報処理装置10のメイン電源がオンとなった後、通信部102が通信部90と接続する。機能ボタン80の押下情報はログイン処理部112に伝達され、ログイン処理部112は、この押下情報を、ユーザからのログイン要求として受け付ける。 The login processing unit 112 selectively performs the login process 1 that does not pass through the biometric authentication by the fingerprint authentication unit 84 and the login process 2 that passes through the biometric authentication by the fingerprint authentication unit 84. Hereinafter, a procedure when the user A logs in to the information processing device 10 will be described.
<Login process 1>
When the user A presses a predetermined button (for example, the function button 80) of the input device 6, the communication unit 90 transmits the pressed information to the information processing device 10. In the information processing device 10, the communication unit 102 receives the pressing information as a connection request, and the communication unit 90 of the input device 6 and the communication unit 102 of the information processing device 10 are connected. When the main power supply of the information processing apparatus 10 is off, the communication unit 102 connects to the communication unit 90 after the main power supply of the information processing apparatus 10 is turned on according to the pressing information of the function button 80. The pressing information of the function button 80 is transmitted to the login processing unit 112, and the login processing unit 112 receives the pressing information as a login request from the user.
 ログイン処理部112は、登録ユーザ情報保持部120に保持されている登録ユーザ情報を読み出し、情報処理装置10に登録されたユーザを選択するための選択画面を出力装置4に表示する。この選択画面は、ログイン処理1におけるログイン画面を構成する。 The login processing unit 112 reads out the registered user information held in the registered user information holding unit 120, and displays a selection screen for selecting a user registered in the information processing device 10 on the output device 4. This selection screen constitutes the login screen in the login process 1.
 図6(a)は、ユーザ選択画面の一例を示す。ログイン処理部112は、登録ユーザ情報保持部120から登録ユーザのユーザアイコンおよびオンラインIDを読み出し、読み出したユーザアイコンおよびオンラインID(以下、「ユーザ特定情報」とも呼ぶ)をリスト形式でユーザが選択可能に表示する。 FIG. 6A shows an example of the user selection screen. The login processing unit 112 reads the user icon and online ID of the registered user from the registered user information holding unit 120, and the user can select the read user icon and online ID (hereinafter also referred to as “user identification information”) in a list format. To display.
 ログイン処理部112は、1つのユーザ特定情報を取り囲むフォーカス枠200をリスト上で移動可能に表示する。ユーザAは入力装置6の操作部87を操作してフォーカス枠200を自分のユーザ特定情報の表示領域に動かし、入力装置6の決定ボタン(○ボタン72)を押すことで、自分のユーザ特定情報を選択する。 The login processing unit 112 movably displays a focus frame 200 surrounding one piece of user identification information on the list. The user A operates the operation unit 87 of the input device 6 to move the focus frame 200 to the display area of his / her user identification information, and presses the enter button (○ button 72) of the input device 6 to obtain his / her user identification information. Select.
 ユーザAが「SABURO」を選択すると、ログイン処理部112は、図6(b)に示すパスコードの入力画面を出力装置4に表示する。ユーザAはパスコードを入力し、ユーザ認証部110は、登録ユーザ情報保持部120に保持されているユーザAのログイン用パスコードと同じであるか判定して、ユーザAのログインの許否を判定する。ログイン用パスコードが正しい場合、ユーザ認証部110は、ユーザ認証に成功したことをログイン処理部112に通知し、ログイン処理部112は、ユーザAを情報処理装置10にログインさせる。 When the user A selects “SABURO”, the login processing unit 112 displays the passcode input screen shown in FIG. 6B on the output device 4. The user A inputs the passcode, and the user authentication unit 110 determines whether or not it is the same as the login passcode of the user A held in the registered user information holding unit 120, and determines whether or not the login of the user A is permitted. To do. When the login passcode is correct, the user authentication unit 110 notifies the login processing unit 112 that the user authentication has been successful, and the login processing unit 112 logs the user A into the information processing apparatus 10.
<ログイン処理2>
 図6(a)のユーザ選択画面の上段にテキスト表示されているように、指紋登録しているユーザAは、入力装置6の指紋センサ79aに指を置くだけで、ログインできる。
 図7は、ログイン処理2のシーケンスの一例を示す。図6(a)に示すユーザ選択画面の表示中、指紋センサ79aは、指紋情報を受け付け可能な状態を維持する(S10のN)。ユーザAが指紋センサ79aに指を配置すると、指紋センサ79aは、ユーザAの指紋情報を受け付け(S10のY)、指紋認証部84に供給する。指紋認証部84は、指紋センサ79aが受け付けた指紋情報と、認証用データ保持部85に保持された1以上の登録ユーザの認証用データを照合して、ユーザAが登録ユーザであることを認証する(S12のY)。なお仮にユーザAが指紋登録をしていなければ、指紋認証部84は、ユーザ認証に失敗する(S12のN)。 <Login process 2>
As the text is displayed in the upper part of the user selection screen of FIG. 6A, the user A who has registered the fingerprint can log in simply by placing his / her finger on the fingerprint sensor 79 a of the input device 6.
FIG. 7 shows an example of the sequence of the login process 2. During the display of the user selection screen shown in FIG. 6A, the fingerprint sensor 79a maintains a state in which it can accept fingerprint information (N in S10). When the user A places his / her finger on the fingerprint sensor 79a, the fingerprint sensor 79a receives the fingerprint information of the user A (Y of S10) and supplies it to the fingerprint authentication unit 84. The fingerprint authentication unit 84 verifies the fingerprint information received by the fingerprint sensor 79a and the authentication data of one or more registered users held in the authentication data holding unit 85 to authenticate that the user A is a registered user. Yes (Y of S12). If the user A has not registered the fingerprint, the fingerprint authentication unit 84 fails the user authentication (N in S12).
 指紋認証部84が指紋認証に成功すると、照合した認証用データの指IDを制御部88に通知する。制御部88は、登録ユーザ情報保持部89から、通知された指IDに対応付けられたネットワークアカウントを読み出す。ネットワークアカウントは、ユーザAを識別するためのユーザ識別情報である。通信部90は、ユーザAのネットワークアカウント(NW_ID_A)を、情報処理装置10に送信する(S14)。 When the fingerprint authentication unit 84 succeeds in fingerprint authentication, it notifies the control unit 88 of the finger ID of the verified authentication data. The control unit 88 reads out the network account associated with the notified finger ID from the registered user information holding unit 89. The network account is user identification information for identifying the user A. The communication unit 90 transmits the network account (NW_ID_A) of the user A to the information processing device 10 (S14).
 情報処理装置10において、通信部102は、ユーザAのネットワークアカウント(NW_ID_A)を受信する。ユーザ認証部110は、登録ユーザ情報保持部120を参照して、登録ユーザのネットワークアカウントとして、NW_ID_Aが保持されているか確認する。ここでユーザ認証部110は、受信したNW_ID_Aと、登録ユーザ情報保持部120に保持される1以上の登録ユーザのネットワークアカウントを照合する。登録ユーザ情報保持部120は、ユーザAのネットワークアカウントとして、NW_ID_Aを保持しており、ユーザ認証部110は、ログイン要求しているユーザがユーザAであることを認証する(S16)。このユーザ識別情報を用いた認証は、第1段階の認証である。 In the information processing device 10, the communication unit 102 receives the network account (NW_ID_A) of the user A. The user authentication unit 110 refers to the registered user information storage unit 120 and confirms whether NW_ID_A is stored as the network account of the registered user. Here, the user authentication unit 110 collates the received NW_ID_A with the network accounts of one or more registered users held in the registered user information holding unit 120. The registered user information holding unit 120 holds NW_ID_A as the network account of the user A, and the user authentication unit 110 authenticates that the user requesting login is the user A (S16). Authentication using this user identification information is the first stage authentication.
 続いてユーザ認証部110は、S16で認証したユーザが本当にユーザAであるか確認するために、別の手法によるユーザ認証処理を行う。このユーザ認証処理は、第2段階の認証であり、ユーザ認証部110は、公開鍵暗号を利用したチャレンジレスポンス方式の認証を実行する。 Subsequently, the user authentication unit 110 performs a user authentication process by another method in order to confirm whether the user authenticated in S16 is really the user A. This user authentication processing is the second-stage authentication, and the user authentication unit 110 executes challenge-response method authentication using public key encryption.
 ユーザ認証部110は、チャレンジと呼ばれる乱数を生成し(S18)、通信部102がチャレンジを通信部90に送信する(S20)。制御部88は、ユーザAの秘密鍵でチャレンジを暗号化し(S22)、通信部90が、暗号化されたチャレンジを、レスポンスとして通信部102に返信する(S24)。ユーザ認証部110は、ユーザAの公開鍵を用いてレスポンスを復号し(S26)、復号した結果がチャレンジと一致していれば、ログイン要求しているユーザAの本人確認を完了する(S28)。情報処理装置10における2回のユーザ認証の後、ログイン処理部112は、ユーザAをログインさせる(S30)。 The user authentication unit 110 generates a random number called a challenge (S18), and the communication unit 102 transmits the challenge to the communication unit 90 (S20). The control unit 88 encrypts the challenge with the secret key of the user A (S22), and the communication unit 90 returns the encrypted challenge to the communication unit 102 as a response (S24). The user authentication unit 110 decrypts the response using the public key of the user A (S26), and if the decrypted result matches the challenge, the identity verification of the user A requesting the login is completed (S28). . After the user authentication is performed twice in the information processing device 10, the login processing unit 112 logs in the user A (S30).
 図8は、ログイン時にログイン処理部112が表示する画面の例を示す。ユーザAは、指を指紋センサ79aにかざすだけで、情報処理装置10にログインできる。実施例の指紋認証処理では、ユーザAの指紋情報は入力装置6から外部に送信されない。そのため情報処理システム1では、入力装置6および情報処理装置10の間の通信経路で指紋情報が第三者に傍受されるリスクがなく、指紋認証の安全性を確保できる。 FIG. 8 shows an example of a screen displayed by the login processing unit 112 when logging in. The user A can log in to the information processing apparatus 10 simply by holding his / her finger over the fingerprint sensor 79a. In the fingerprint authentication process of the embodiment, the fingerprint information of the user A is not transmitted from the input device 6 to the outside. Therefore, in the information processing system 1, there is no risk that fingerprint information is intercepted by a third party on the communication path between the input device 6 and the information processing device 10, and the security of fingerprint authentication can be secured.
 上記したように、ユーザAは、ログインアカウントを登録している情報処理装置10に、指紋認証ログインできる。以下では、ユーザAが、自分の指紋を登録した入力装置6を自宅から友人宅に持って行き、友人宅の情報処理装置10aで、友人と一緒にゲームをプレイする利用シーンを説明する。友人宅の情報処理装置10aには、当然のことながら、ユーザAのログインアカウントは登録されていない。 As described above, the user A can perform fingerprint authentication login to the information processing device 10 that has registered a login account. In the following, a usage scene in which the user A takes the input device 6 having his or her fingerprint registered from home to a friend's house and plays a game with the friend on the information processing device 10a in the friend's house will be described. Naturally, the login account of the user A is not registered in the information processing apparatus 10a at the friend's house.
 図9は、ログイン処理2のシーケンスの別の例を示す。この例では、ユーザAが、友人宅の情報処理装置10aにログインすることで、ユーザAは友人と一緒にゲームをプレイできる。なお情報処理装置10aは、図4に示す情報処理装置10と同じ構成および機能を備える。 FIG. 9 shows another example of the sequence of the login process 2. In this example, the user A can play the game together with the friend by logging in the information processing apparatus 10a at the friend's house. The information processing device 10a has the same configuration and function as the information processing device 10 shown in FIG.
 友人宅で、ユーザAが入力装置6の所定のボタン(たとえば機能ボタン80)を押下すると、通信部90が、その押下情報を情報処理装置10aに送信する。情報処理装置10aにおいて、通信部102が押下情報を接続要求として受け付けて、入力装置6の通信部90と情報処理装置10aの通信部102とが接続する。機能ボタン80の押下情報はログイン処理部112に伝達され、ログイン処理部112は、この押下情報を、ユーザからのログイン要求として受け付ける。 When user A presses a predetermined button (for example, function button 80) of input device 6 at a friend's house, communication unit 90 transmits the pressing information to information processing device 10a. In the information processing device 10a, the communication unit 102 receives the pressing information as a connection request, and the communication unit 90 of the input device 6 and the communication unit 102 of the information processing device 10a are connected. The pressing information of the function button 80 is transmitted to the login processing unit 112, and the login processing unit 112 receives the pressing information as a login request from the user.
 ログイン処理部112は、登録ユーザ情報保持部120に保持されている登録ユーザ情報を読み出し、情報処理装置10aに登録されたユーザを選択するための選択画面を出力装置4に表示する。この選択画面は、ログイン処理1におけるログイン画面を構成する。 The login processing unit 112 reads out the registered user information held in the registered user information holding unit 120, and displays a selection screen for selecting a user registered in the information processing device 10a on the output device 4. This selection screen constitutes the login screen in the login process 1.
 図10(a)は、ユーザ選択画面の例を示す。ログイン処理部112は、情報処理装置10aの登録ユーザ情報保持部120から登録ユーザのユーザアイコンおよびオンラインIDを読み出し、読み出したユーザアイコンおよびオンラインIDをリスト形式でユーザが選択可能に表示する。 FIG. 10A shows an example of the user selection screen. The login processing unit 112 reads the user icon and online ID of the registered user from the registered user information holding unit 120 of the information processing apparatus 10a, and displays the read user icon and online ID in a list format so that the user can select them.
 ログイン処理部112は、1つのユーザ特定情報を取り囲むフォーカス枠200をリスト上で移動可能に表示する。なおユーザAの情報は、友人宅の情報処理装置10aには登録されていないため、リストには、ユーザAの特定情報は含まれない。ユーザAは、フォーカス枠200を「新しいユーザ」の表示領域に動かし、入力装置6の決定ボタン(○ボタン72)を押し、必要な情報を入力することで、情報処理装置10aにログインアカウントを作成できる。しかしながら、この作業は、入力装置6を操作してテキスト入力する作業であり、手間がかかる。そこで情報処理システム1は、入力装置6が指紋認証することで、ユーザAが、友人宅の情報処理装置10aにも簡易にログインできる仕組みを提供する。 The login processing unit 112 movably displays a focus frame 200 surrounding one piece of user identification information on the list. Note that the information of the user A is not registered in the information processing device 10a of the friend's house, so the list does not include the specific information of the user A. User A creates a login account in information processing device 10a by moving focus frame 200 to the display area of "new user", pressing the enter button (○ button 72) of input device 6 and inputting the necessary information. it can. However, this work is a work of inputting a text by operating the input device 6, and is troublesome. Therefore, the information processing system 1 provides a mechanism in which the user A can easily log in to the information processing apparatus 10a at the friend's house by the fingerprint authentication of the input device 6.
 図10(a)に示すユーザ選択画面の表示中、入力装置6の指紋センサ79aは、指紋情報を受け付け可能な状態を維持する。ユーザAが指紋センサ79aに指を配置すると、指紋センサ79aは、ユーザAの指紋情報を受け付け(S40)、指紋認証部84に供給する。指紋認証部84は、指紋センサ79aが受け付けた指紋情報と、認証用データ保持部85に保持された1以上の登録ユーザの認証用データを照合して、ユーザAが登録ユーザであることを認証する(S42)。 During the display of the user selection screen shown in FIG. 10A, the fingerprint sensor 79a of the input device 6 maintains a state in which it can accept fingerprint information. When the user A places his or her finger on the fingerprint sensor 79a, the fingerprint sensor 79a receives the fingerprint information of the user A (S40) and supplies it to the fingerprint authentication unit 84. The fingerprint authentication unit 84 verifies the fingerprint information received by the fingerprint sensor 79a and the authentication data of one or more registered users held in the authentication data holding unit 85 to authenticate that the user A is a registered user. Yes (S42).
 指紋認証部84が指紋認証に成功すると、照合した認証用データの指IDを制御部88に通知する。制御部88は、登録ユーザ情報保持部89から、通知された指IDに対応付けられたネットワークアカウントを読み出す。ネットワークアカウントは、ユーザAを識別するためのユーザ識別情報である。通信部90は、ユーザAのネットワークアカウント(NW_ID_A)を、情報処理装置10aに送信する(S44)。 When the fingerprint authentication unit 84 succeeds in fingerprint authentication, it notifies the control unit 88 of the finger ID of the verified authentication data. The control unit 88 reads out the network account associated with the notified finger ID from the registered user information holding unit 89. The network account is user identification information for identifying the user A. The communication unit 90 transmits the network account (NW_ID_A) of the user A to the information processing device 10a (S44).
 情報処理装置10aにおいて、通信部102は、ユーザAのネットワークアカウント(NW_ID_A)を受信する。ユーザ認証部110は、登録ユーザ情報保持部120を参照して、登録ユーザのネットワークアカウントとして、NW_ID_Aが保持されているか確認する。上記したように、友人宅の情報処理装置10aには、NW_ID_Aは登録されていない。そのためユーザ認証部110は、ユーザAの認証に失敗する(S46)。ユーザAの認証に失敗すると、ログイン処理部112は、ユーザAのネットワークアカウント(NW_ID_A)を、サーバ装置5に送信する(S48)。 In the information processing device 10a, the communication unit 102 receives the network account (NW_ID_A) of the user A. The user authentication unit 110 refers to the registered user information storage unit 120 and confirms whether NW_ID_A is stored as the network account of the registered user. As described above, NW_ID_A is not registered in the information processing device 10a at the friend's house. Therefore, the user authentication unit 110 fails to authenticate the user A (S46). When the authentication of the user A fails, the login processing unit 112 transmits the network account (NW_ID_A) of the user A to the server device 5 (S48).
 図11は、サーバ装置5の機能ブロックを示す。サーバ装置5は、制御部150、通信部152およびユーザ情報保持部170を備え、制御部150は、ユーザ認証部160、ユーザ情報取得部162およびNWサービス提供部164を有する。サーバ装置5は、ユーザ認証機能を有し、その意味において情報処理装置と呼ぶこともできる。ユーザ情報保持部170は、ネットワークサービスを利用する全てのユーザのプロファイル情報およびセーブデータ等を保持するユーザDBである。ユーザ情報保持部170は、ユーザのネットワークアカウントに対応付けて、サインインID、オンラインID、ユーザアイコン、サインインパスワード、公開鍵などのプロファイル情報を保持する。 FIG. 11 shows functional blocks of the server device 5. The server device 5 includes a control unit 150, a communication unit 152, and a user information holding unit 170, and the control unit 150 includes a user authentication unit 160, a user information acquisition unit 162, and an NW service providing unit 164. The server device 5 has a user authentication function and can be called an information processing device in that sense. The user information holding unit 170 is a user DB that holds profile information and save data of all users who use the network service. The user information holding unit 170 holds profile information such as a sign-in ID, an online ID, a user icon, a sign-in password, and a public key in association with the user's network account.
 図11において、さまざまな処理を行う機能ブロックとして記載される各要素は、ハードウェア的には、回路ブロック、メモリ、その他のLSIで構成することができ、ソフトウェア的には、メモリにロードされたプログラムなどによって実現される。したがって、これらの機能ブロックがハードウェアのみ、ソフトウェアのみ、またはそれらの組合せによっていろいろな形で実現できることは当業者には理解されるところであり、いずれかに限定されるものではない。 In FIG. 11, each element described as a functional block that performs various processes can be configured with a circuit block, a memory, and other LSI in terms of hardware, and loaded into the memory in terms of software. It is realized by a program. Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by only hardware, only software, or a combination thereof, and the present invention is not limited to them.
 サーバ装置5において、通信部152は、情報処理装置10aから、ユーザAのネットワークアカウント(NW_ID_A)を受信する。ユーザAのネットワークアカウント(NW_ID_A)は、入力装置6から情報処理装置10aに送信された識別情報であって、情報処理装置10aに登録されていない識別情報である。ユーザ認証部160は、ユーザ情報保持部170を参照して、ユーザのネットワークアカウントとして、NW_ID_Aが保持されているか確認する。ここでユーザ認証部160は、受信したNW_ID_Aと、ユーザ情報保持部170に保持される複数のユーザのネットワークアカウントを照合する。ユーザ情報保持部170は、ユーザAのネットワークアカウントとして、NW_ID_Aを保持しており、ユーザ認証部160は、ログイン要求しているユーザがユーザAであることを認証する(S50)。このユーザ識別情報を用いた認証は、第1段階の認証である。 In the server device 5, the communication unit 152 receives the network account (NW_ID_A) of the user A from the information processing device 10a. The network account (NW_ID_A) of the user A is the identification information transmitted from the input device 6 to the information processing device 10a and is not registered in the information processing device 10a. The user authentication unit 160 refers to the user information holding unit 170 and confirms whether NW_ID_A is held as the network account of the user. Here, the user authentication unit 160 collates the received NW_ID_A with the network accounts of the plurality of users held in the user information holding unit 170. The user information holding unit 170 holds NW_ID_A as the network account of the user A, and the user authentication unit 160 authenticates that the user requesting the login is the user A (S50). Authentication using this user identification information is the first stage authentication.
 続いてユーザ認証部160は、S50で認証したユーザが本当にユーザAであるか確認するために、入力装置6との間で別の手法によるユーザ認証処理を行う。このユーザ認証処理は、第2段階の認証であり、ユーザ認証部160は、入力装置6との間で公開鍵暗号を利用したチャレンジレスポンス方式の認証(S52)を実行する。S52では、図7に示すS18~S26の各ステップが、サーバ装置5と入力装置6との間で実施される。情報処理装置10aは、両者のデータ通信を中継する。 Subsequently, the user authentication unit 160 performs user authentication processing by another method with the input device 6 in order to confirm whether the user authenticated in S50 is really the user A. This user authentication process is a second-stage authentication, and the user authentication unit 160 executes challenge-response authentication (S52) using the public key encryption with the input device 6. In S52, the steps S18 to S26 shown in FIG. 7 are performed between the server device 5 and the input device 6. The information processing device 10a relays data communication between the two.
 ユーザ認証部160は、ユーザAの公開鍵でレスポンスを復号した結果がチャレンジと一致していれば、ログイン要求しているユーザAの本人確認を完了する(S54)。サーバ装置5における2回のユーザ認証の後、ユーザ情報取得部162は、ワンタイムパスワードを発行し、通信部152がワンタイムパスワードを情報処理装置10aに送信する(S56)。情報処理装置10aにおいて、ログイン処理部112は、ワンタイムパスワードを用いてユーザAに関する情報取得要求を生成し、通信部102が、ユーザAに関する情報取得要求をサーバ装置5に送信する(S58)。これを受けてユーザ情報取得部162は、ユーザAのプロファイル情報をユーザ情報保持部170から取得し、通信部152が、ユーザAのプロファイル情報を情報処理装置10aに送信する(S60)。送信されるユーザAのプロファイル情報は、情報処理装置10aがユーザAをログインさせるために必要な情報を含む。たとえばプロファイル情報は、ユーザAのサインインID、オンラインID、ユーザアイコン、サインインパスワード、公開鍵などであってよい。 If the result of decrypting the response with the public key of the user A matches the challenge, the user authentication unit 160 completes the identity verification of the user A requesting the login (S54). After the user authentication is performed twice in the server device 5, the user information acquisition unit 162 issues a one-time password, and the communication unit 152 transmits the one-time password to the information processing device 10a (S56). In the information processing device 10a, the login processing unit 112 generates an information acquisition request regarding the user A using the one-time password, and the communication unit 102 transmits the information acquisition request regarding the user A to the server device 5 (S58). In response to this, the user information acquisition unit 162 acquires the profile information of the user A from the user information holding unit 170, and the communication unit 152 transmits the profile information of the user A to the information processing device 10a (S60). The profile information of the user A transmitted includes information necessary for the information processing apparatus 10a to log in the user A. For example, the profile information may be the user A's sign-in ID, online ID, user icon, sign-in password, public key, or the like.
 情報処理装置10aにおいて、通信部102が、ユーザAのプロファイル情報を受信すると、ログイン処理部112が、ログイン画面を出力装置4に表示させ、ユーザAを情報処理装置10aにログインさせる(S62)。 In the information processing device 10a, when the communication unit 102 receives the profile information of the user A, the login processing unit 112 causes the output device 4 to display a login screen and logs the user A into the information processing device 10a (S62).
 図10(b)は、ユーザAのログイン画面の例を示す。ユーザAは、「登録する」を選択すると、情報処理装置10aに登録ユーザとしてログインし、「ゲストとして遊ぶ」を選択すると、情報処理装置10aに一時的なゲストユーザとしてログインする。なお、登録ユーザとしてログインすることは、情報処理装置10aの登録ユーザ情報保持部120に、ユーザ情報が登録されることを意味する。 FIG. 10B shows an example of the login screen of user A. When user A selects "register", the user A logs in as a registered user to the information processing apparatus 10a, and when "play as a guest" is selected, the user A logs in to the information processing apparatus 10a as a temporary guest user. Note that logging in as a registered user means that the user information is registered in the registered user information holding unit 120 of the information processing device 10a.
 以上のように情報処理システム1によれば、情報処理装置10aにユーザ登録されていない場合であっても、ユーザAは、指紋センサ79aに指をかざすだけで、情報処理装置10aにログインできる。これは入力装置6の登録ユーザ情報保持部89に、ユーザ識別情報として、ネットワークアカウントを保持させたためであることに他ならない。 As described above, according to the information processing system 1, even if the user is not registered in the information processing apparatus 10a, the user A can log in to the information processing apparatus 10a simply by holding his / her finger over the fingerprint sensor 79a. This is because the registered user information holding unit 89 of the input device 6 holds the network account as the user identification information.
 たとえばサーバ装置5のNWサービス提供部164が提供するネットワークサービスにおいて、本人確認が要求される場合においても、指紋認証による本人確認が実施されてよい。この場合においても、入力装置6とサーバ装置5の間には、図9で示すS50~S54までの各ステップが実行される。 For example, in the network service provided by the NW service providing unit 164 of the server device 5, even if the identity verification is requested, the identity verification may be performed by fingerprint authentication. Also in this case, the steps S50 to S54 shown in FIG. 9 are executed between the input device 6 and the server device 5.
 以上、本発明を実施例をもとに説明した。この実施例は例示であり、それらの各構成要素や各処理プロセスの組合せにいろいろな変形例が可能なこと、またそうした変形例も本発明の範囲にあることは当業者に理解されるところである。実施例では、指紋認証に関して説明したが、入力装置6は、他の種類の生体認証機能を備えてよい。 Above, the present invention has been described based on the embodiments. It should be understood by those skilled in the art that this embodiment is an exemplification, and that various modifications can be made to the combinations of the respective constituent elements and the respective processing processes, and that such modifications are within the scope of the present invention. . Although the fingerprint authentication has been described in the embodiment, the input device 6 may have another type of biometric authentication function.
 実施例では、指紋センサ79aをタッチパッド79が配設される平坦領域に設けたが、別の場所に設けてもよい。たとえば指紋センサ79aを機能ボタン80に設けると、ユーザは機能ボタン80を押下するだけで、情報処理装置10にログインできる仕組みが実現される。 In the embodiment, the fingerprint sensor 79a is provided in the flat area where the touch pad 79 is provided, but it may be provided in another place. For example, when the fingerprint sensor 79a is provided on the function button 80, a mechanism that allows the user to log in to the information processing apparatus 10 by simply pressing the function button 80 is realized.
 図12は、変形例における入力装置6と生体認証装置98の機能ブロックを示す。入力装置6は、操作部87、制御部88および通信部90を備えて、ユーザ操作信号を情報処理装置10に送信する。操作部87は、図2に示したボタン等の操作部材を表現する。生体認証装置98は、処理部91、提供部92、指紋センサ93、指紋認証部94、認証用データ保持部95、鍵生成部96および登録ユーザ情報保持部97を備える。生体認証装置98は、生体認証を実行する外部装置であって、たとえばUSBケーブルで入力装置6に接続されてよい。 FIG. 12 shows functional blocks of the input device 6 and the biometric authentication device 98 in the modification. The input device 6 includes an operation unit 87, a control unit 88, and a communication unit 90, and transmits a user operation signal to the information processing device 10. The operation unit 87 represents an operation member such as the button shown in FIG. The biometric authentication device 98 includes a processing unit 91, a providing unit 92, a fingerprint sensor 93, a fingerprint authentication unit 94, an authentication data holding unit 95, a key generation unit 96, and a registered user information holding unit 97. The biometric authentication device 98 is an external device that performs biometric authentication, and may be connected to the input device 6 with a USB cable, for example.
 生体認証装置98は、図4に示す入力装置6における生体認証機能を実現する。具体的に図12における指紋センサ93、指紋認証部94、認証用データ保持部95、鍵生成部96、登録ユーザ情報保持部97は、図4における指紋センサ79a、指紋認証部84、認証用データ保持部85、鍵生成部86、登録ユーザ情報保持部89にそれぞれ対応する。 The biometric authentication device 98 realizes the biometric authentication function of the input device 6 shown in FIG. Specifically, the fingerprint sensor 93, the fingerprint authentication unit 94, the authentication data holding unit 95, the key generation unit 96, and the registered user information holding unit 97 in FIG. 12 are the fingerprint sensor 79a, the fingerprint authentication unit 84, and the authentication data in FIG. It corresponds to the holding unit 85, the key generation unit 86, and the registered user information holding unit 89, respectively.
 認証用データ保持部95は、1以上の登録ユーザの認証用データを保持する。認証用データ保持部85は、情報処理装置10に登録された複数ユーザの認証用データを保持してよい。ユーザログインの際、指紋センサ93は指紋情報を受け付け可能な状態を維持する。指紋センサ93がユーザの指紋情報を受け付けると、指紋認証部94は、指紋センサ93が受け付けた指紋情報と、認証用データ保持部95に保持された1以上の登録ユーザの認証用データを照合して、ユーザが登録ユーザであることを確認する。 The authentication data holding unit 95 holds the authentication data of one or more registered users. The authentication data holding unit 85 may hold the authentication data of a plurality of users registered in the information processing device 10. At the time of user login, the fingerprint sensor 93 maintains a state in which it can accept fingerprint information. When the fingerprint sensor 93 receives the fingerprint information of the user, the fingerprint authentication unit 94 compares the fingerprint information received by the fingerprint sensor 93 with the authentication data of one or more registered users held in the authentication data holding unit 95. And confirm that the user is a registered user.
 指紋認証部94は指紋認証に成功すると、照合した認証用データの指IDを処理部91に通知する。処理部91は、登録ユーザ情報保持部97から、通知された指IDに対応付けられたネットワークアカウントを読み出す。提供部92はユーザのネットワークアカウントを、入力装置6に提供する。制御部88は、ネットワークアカウントを受け取ると、通信部90から情報処理装置10に送信させる。情報処理装置10におけるログイン処理については、実施例で説明したとおりである。 When the fingerprint authentication is successful, the fingerprint authentication unit 94 notifies the processing unit 91 of the finger ID of the verified authentication data. The processing unit 91 reads out the network account associated with the notified finger ID from the registered user information holding unit 97. The providing unit 92 provides the user's network account to the input device 6. Upon receiving the network account, the control unit 88 causes the communication unit 90 to transmit the information to the information processing apparatus 10. The login process in the information processing device 10 is as described in the embodiment.
 本発明は、ユーザを認証する技術分野に利用できる。 The present invention can be used in the technical field of authenticating a user.
1・・・情報処理システム、5・・・サーバ装置、6・・・入力装置、10,10a・・・情報処理装置、84・・・指紋認証部、85・・・認証用データ保持部、86・・・鍵生成部、87・・・操作部、88・・・制御部、89・・・登録ユーザ情報保持部、90・・・通信部、100・・・制御部、102・・・通信部、110・・・ユーザ認証部、112・・・ログイン処理部、114・・・アプリケーション実行部、120・・・登録ユーザ情報保持部、150・・・制御部、152・・・通信部、160・・・ユーザ認証部、162・・・ユーザ情報取得部、164・・・NWサービス提供部、170・・・ユーザ情報保持部。 1 ... Information processing system, 5 ... Server device, 6 ... Input device, 10, 10a ... Information processing device, 84 ... Fingerprint authentication unit, 85 ... Authentication data holding unit, 86 ... Key generation unit, 87 ... Operation unit, 88 ... Control unit, 89 ... Registered user information holding unit, 90 ... Communication unit, 100 ... Control unit, 102 ... Communication unit, 110 ... User authentication unit, 112 ... Login processing unit, 114 ... Application execution unit, 120 ... Registered user information holding unit, 150 ... Control unit, 152 ... Communication unit , 160 ... User authentication section, 162 ... User information acquisition section, 164 ... NW service providing section, 170 ... User information holding section.

Claims (15)

  1.  ユーザ操作を入力するための入力装置と、情報処理装置とを備えた情報処理システムであって、
     前記入力装置は、
     ユーザの生体情報にもとづいて認証されたユーザを識別するためのユーザ識別情報を送信する第1通信部、を有し、
     前記情報処理装置は、
     ユーザ識別情報を受信する第2通信部と、
     1以上の登録ユーザの識別情報を保持する情報処理装置側保持部と、
     受信したユーザ識別情報と、前記情報処理装置側保持部に保持された登録ユーザの識別情報とを照合する情報処理装置側認証部と、を有する、
     ことを特徴とする情報処理システム。     An information processing system including an input device for inputting a user operation and an information processing device,
    The input device is
    A first communication unit that transmits user identification information for identifying a user authenticated based on the biometric information of the user,
    The information processing device,
    A second communication unit for receiving user identification information;
    An information processing apparatus-side holding unit that holds identification information of one or more registered users;
    An information processing device side authentication unit for collating the received user identification information with the registered user identification information held in the information processing device side holding unit,
    An information processing system characterized by the above.
  2.  前記入力装置は、
     1以上の登録ユーザの認証用データを保持する入力装置側保持部と、
     ユーザの生体情報を受け付ける生体情報受付部と、
     前記生体情報受付部が受け付けた生体情報と、前記入力装置側保持部に保持された認証用データとを照合する生体認証部と、
     を有することを特徴とする請求項1に記載の情報処理システム。     The input device is
    An input device-side holding unit that holds authentication data for one or more registered users;
    A biometric information reception unit that receives biometric information of the user,
    A biometric authentication unit that collates the biometric information received by the biometric information receiving unit with the authentication data held in the input device side holding unit,
    The information processing system according to claim 1, further comprising:
  3.  前記入力装置は、
     外部の認証装置により生体認証されたユーザのユーザ識別情報を取得する制御部をさらに有する、
     ことを特徴とする請求項1に記載の情報処理システム。     The input device is
    It further includes a control unit that acquires user identification information of a user who has been biometrically authenticated by an external authentication device,
    The information processing system according to claim 1, wherein:
  4.  前記情報処理装置側認証部は、ユーザ識別情報を用いてユーザを認証した後、別の手法によるユーザ認証処理を行う、
     ことを特徴とする請求項1から3のいずれかに記載の情報処理システム。     The information processing apparatus-side authentication unit performs user authentication processing by another method after authenticating a user using user identification information,
    The information processing system according to any one of claims 1 to 3, characterized in that:
  5.  前記情報処理装置は、
     前記情報処理装置側認証部により認証されたユーザをログインさせるログイン処理部を有する、
     ことを特徴とする請求項1から4のいずれかに記載の情報処理システム。     The information processing device,
    A login processing unit that logs in a user authenticated by the information processing device-side authentication unit;
    The information processing system according to any one of claims 1 to 4, wherein:
  6.  前記ログイン処理部は、
     生体認証を経由しない第1ログイン処理と、生体認証を経由する第2ログイン処理とを選択的に実施する、
     ことを特徴とする請求項5に記載の情報処理システム。     The login processing unit,
    Selectively performing a first login process that does not go through biometrics authentication and a second login process that does not go through biometrics authentication,
    The information processing system according to claim 5, wherein:
  7.  サービスを提供するサーバ装置をさらに備え、
     前記サーバ装置は、
     サービスの複数のユーザの識別情報を保持するサーバ側保持部と、
     前記情報処理装置からユーザ識別情報を受信する第3通信部と、
     受信したユーザ識別情報と、前記サーバ側保持部に保持された識別情報とを照合するサーバ側認証部と、を有し、
     前記情報処理装置において、前記情報処理装置側認証部がユーザ認証できない場合に、前記第2通信部は、前記サーバ装置に、ユーザ識別情報を送信し、
     前記サーバ装置において、前記第3通信部がユーザ識別情報を受信すると、前記サーバ側認証部が、受信したユーザ識別情報と、前記サーバ側保持部に保持された識別情報とを照合する、
     ことを特徴とする請求項5または6のいずれかに記載の情報処理システム。     Further comprising a server device that provides services,
    The server device is
    A server-side holding unit that holds identification information of a plurality of users of the service,
    A third communication unit that receives user identification information from the information processing device;
    And a server-side authentication unit that collates the received user identification information with the identification information held in the server-side holding unit,
    In the information processing device, when the information processing device-side authentication unit cannot perform user authentication, the second communication unit transmits user identification information to the server device,
    In the server device, when the third communication unit receives the user identification information, the server side authentication unit collates the received user identification information with the identification information held in the server side holding unit,
    The information processing system according to claim 5, wherein:
  8.  前記サーバ装置は、
     認証に成功したユーザのプロファイル情報を取得する情報取得部をさらに有し、
     前記第3通信部は、プロファイル情報を前記情報処理装置に送信し、
     前記情報処理装置において、前記ログイン処理部は、プロファイル情報を用いて、ユーザをログインさせる、
     ことを特徴とする請求項7に記載の情報処理システム。     The server device is
    An information acquisition unit for acquiring profile information of a user who has been successfully authenticated,
    The third communication unit transmits profile information to the information processing device,
    In the information processing device, the login processing unit causes a user to log in using profile information,
    The information processing system according to claim 7, wherein:
  9.  ユーザ操作信号を情報処理装置に送信する入力装置であって、
     1以上の登録ユーザの認証用データを保持する保持部と、
     ユーザの生体情報を受け付ける生体情報受付部と、
     前記生体情報受付部が受け付けた生体情報と、前記保持部に保持された認証用データとを照合する認証部と、
     前記認証部により認証されたユーザを識別するためのユーザ識別情報を前記情報処理装置に送信する通信部と、
     を備えることを特徴とする入力装置。     An input device for transmitting a user operation signal to an information processing device,
    A holding unit that holds authentication data for one or more registered users;
    A biometric information reception unit that receives biometric information of the user,
    An authentication unit that collates the biometric information received by the biometric information reception unit and the authentication data held in the holding unit,
    A communication unit that transmits user identification information for identifying the user authenticated by the authentication unit to the information processing device;
    An input device comprising:
  10.  登録ユーザを特定した状態のもとで、認証用データを前記保持部に保持させる制御部をさらに備える、
     ことを特徴とする請求項9に記載の入力装置。     Further comprising a control unit for holding the authentication data in the holding unit under the state where the registered user is specified,
    The input device according to claim 9, wherein:
  11.  登録ユーザの秘密鍵および公開鍵を生成する鍵生成部をさらに備え、
     前記制御部は公開鍵を、前記通信部から前記情報処理装置に送信させる、
     ことを特徴とする請求項10に記載の入力装置。     A key generation unit that generates a private key and a public key of the registered user,
    The control unit causes the communication unit to transmit a public key to the information processing device,
    The input device according to claim 10, wherein:
  12.  ユーザを認証する方法であって、
     ユーザ操作を入力するための入力装置が、ユーザの生体情報にもとづいて認証されたユーザを識別するためのユーザ識別情報を情報処理装置に送信し、
     情報処理装置が、
     ユーザ識別情報を受信し、
     受信したユーザ識別情報と、保持部において保持された1以上の登録ユーザの識別情報とを照合する、
     ことを特徴とするユーザ認証方法。     A method of authenticating a user,
    An input device for inputting a user operation transmits user identification information for identifying a user authenticated based on biometric information of the user to the information processing device,
    The information processing device
    Receive user identification information,
    Collating the received user identification information with the identification information of one or more registered users held in the holding unit,
    A user authentication method characterized by the above.
  13.  入力装置からユーザ操作信号を送信される情報処理装置と接続するサーバ装置であって、
     サービスの複数のユーザの識別情報を保持する保持部と、
     前記入力装置から前記情報処理装置に送信されたユーザ識別情報であって前記情報処理装置に登録されていないユーザ識別情報を、受信する通信部と、
     受信したユーザ識別情報と、前記保持部に保持されたユーザの識別情報とを照合する認証部と、を有し、
     前記認証部が、受信したユーザ識別情報が前記保持部に保持されていることを確認すると、前記入力装置との間で、ユーザ認証処理を行う、
     ことを特徴とするサーバ装置。     A server device connected to an information processing device to which a user operation signal is transmitted from an input device,
    A holding unit that holds identification information of a plurality of users of the service,
    A communication unit that receives user identification information transmitted from the input device to the information processing device and not registered in the information processing device,
    An authentication unit that collates the received user identification information with the user identification information held in the holding unit;
    When the authentication unit confirms that the received user identification information is held in the holding unit, performs a user authentication process with the input device,
    A server device characterized by the above.
  14.  前記認証部がユーザ認証に成功すると、前記通信部が、当該ユーザのプロファイル情報を前記情報処理装置に送信する、
     ことを特徴とする請求項13に記載のサーバ装置。     When the authentication unit succeeds in user authentication, the communication unit transmits profile information of the user to the information processing device,
    The server device according to claim 13, wherein:
  15.  ユーザ操作信号を情報処理装置に送信する入力装置に接続される生体認証装置であって、
     1以上の登録ユーザの認証用データを保持する保持部と、
     ユーザの生体情報を受け付ける生体情報受付部と、
     前記生体情報受付部が受け付けた生体情報と、前記保持部に保持された認証用データとを照合する認証部と、
     前記認証部により認証されたユーザを識別するためのユーザ識別情報を前記入力装置に提供する提供部と、
     を備えることを特徴とする生体認証装置。     A biometric authentication device connected to an input device for transmitting a user operation signal to an information processing device,
    A holding unit that holds authentication data for one or more registered users;
    A biometric information reception unit that receives biometric information of the user,
    An authentication unit that collates the biometric information received by the biometric information reception unit and the authentication data held in the holding unit,
    A providing unit for providing the input device with user identification information for identifying the user authenticated by the authentication unit;
    A biometric authentication device, comprising:
PCT/JP2019/040426 2018-10-22 2019-10-15 Information processing system, input device, user authentication method, server device, and biometric authentication device WO2020085141A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2020553182A JP7220722B2 (en) 2018-10-22 2019-10-15 Information processing system and information processing device
US17/286,633 US20210374219A1 (en) 2018-10-22 2019-10-15 Information processing system, input device, user authentication method, server device, and biometric authentication device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862748621P 2018-10-22 2018-10-22
US62/748,621 2018-10-22

Publications (1)

Publication Number Publication Date
WO2020085141A1 true WO2020085141A1 (en) 2020-04-30

Family

ID=70330605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/040426 WO2020085141A1 (en) 2018-10-22 2019-10-15 Information processing system, input device, user authentication method, server device, and biometric authentication device

Country Status (3)

Country Link
US (1) US20210374219A1 (en)
JP (1) JP7220722B2 (en)
WO (1) WO2020085141A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10285153A (en) * 1997-03-31 1998-10-23 Rooreru Intelligent Syst:Kk Communication system, ic card issue registration system, key code generator and recording medium
JPH11355266A (en) * 1998-06-05 1999-12-24 Nec Corp Device and method for user authentication
JP2002222022A (en) * 2001-01-29 2002-08-09 Toshiba Corp Electronic equipment system and actuating method for electronic equipment system
JP2006180379A (en) * 2004-12-24 2006-07-06 Nippon Telegr & Teleph Corp <Ntt> Remote controller and information terminal for domestic electrical appliance
JP2006352223A (en) * 2005-06-13 2006-12-28 Hitachi Ltd Network connection system
WO2015004744A1 (en) * 2013-07-10 2015-01-15 株式会社野村総合研究所 Authentication device, authentication method, and program
JP2016170549A (en) * 2015-03-12 2016-09-23 株式会社日本総合研究所 Input device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070094715A1 (en) * 2005-10-20 2007-04-26 Microsoft Corporation Two-factor authentication using a remote control device
US9436818B1 (en) * 2014-06-30 2016-09-06 II Macio P. Tooley System and method for credential management and identity verification
KR102426417B1 (en) * 2015-02-17 2022-08-01 삼성전자주식회사 Authentication processing method and electronic device supporting the same
CN110196643A (en) * 2018-02-24 2019-09-03 北京行云时空科技有限公司 Wireless Keyboard and its Bluetooth connecting method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10285153A (en) * 1997-03-31 1998-10-23 Rooreru Intelligent Syst:Kk Communication system, ic card issue registration system, key code generator and recording medium
JPH11355266A (en) * 1998-06-05 1999-12-24 Nec Corp Device and method for user authentication
JP2002222022A (en) * 2001-01-29 2002-08-09 Toshiba Corp Electronic equipment system and actuating method for electronic equipment system
JP2006180379A (en) * 2004-12-24 2006-07-06 Nippon Telegr & Teleph Corp <Ntt> Remote controller and information terminal for domestic electrical appliance
JP2006352223A (en) * 2005-06-13 2006-12-28 Hitachi Ltd Network connection system
WO2015004744A1 (en) * 2013-07-10 2015-01-15 株式会社野村総合研究所 Authentication device, authentication method, and program
JP2016170549A (en) * 2015-03-12 2016-09-23 株式会社日本総合研究所 Input device

Also Published As

Publication number Publication date
JP7220722B2 (en) 2023-02-10
JPWO2020085141A1 (en) 2021-09-02
US20210374219A1 (en) 2021-12-02

Similar Documents

Publication Publication Date Title
CN107113315B (en) Identity authentication method, terminal and server
US8627095B2 (en) Information processing apparatus, information processing method, and program
US8752147B2 (en) System and method for two-factor user authentication
US8739266B2 (en) Universal authentication token
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
US7809944B2 (en) Method and apparatus for providing information for decrypting content, and program executed on information processor
JP5268889B2 (en) Device that performs identification and authentication
US8099765B2 (en) Methods and systems for remote password reset using an authentication credential managed by a third party
US20070094715A1 (en) Two-factor authentication using a remote control device
JP4095051B2 (en) Home network device capable of automatic ownership authentication, home network system and method thereof
US20170300920A1 (en) Method Of And Apparatus For Authenticating Fingerprint, Smart Terminal And Computer Storage Medium
US20160070894A1 (en) Authentication method and system using password as the authentication key
US11516212B2 (en) Multi-functional authentication apparatus and operating method for the same
US20190200223A1 (en) Wireless network-based biometric authentication system, a mobile device and a method thereof
JP7023139B2 (en) Unlocking system, unlocking device, unlocking method, terminal device and program
WO2019010669A1 (en) Method, apparatus and system for identity validity verification
KR20200050813A (en) Payment method using biometric authentication and electronic device thereof
WO2014042269A1 (en) Vpn connection authentication system, user terminal, authentication server, biometric-authentication result evidence-information validation server, vpn connection server, and program
JP2015194947A (en) Information processing device and computer program
JP2006033780A (en) Network authentication system using identification by calling-back
US9876781B2 (en) Information processing device
KR20150082909A (en) Single-Sign-On System on the Basis of Biometric Recognition and Method thereof
CN108282768A (en) Bluetooth equipment shares control and requesting method and electronic equipment
WO2005122689A2 (en) A method and system for securing a device
JP7220722B2 (en) Information processing system and information processing device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19876256

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020553182

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19876256

Country of ref document: EP

Kind code of ref document: A1